Victor Duchovni:
> On Mon, Feb 23, 2009 at 02:18:01PM -0500, Timo Sirainen wrote:
>
> > In some setups it's useful for authentication handling to know if the
> > connection is SSL/TLS secured. The patch below should tell this to
> > Dovecot. It compiles, but other than that I haven't yet tested it.
>
> How is this useful? It seems to me that a SASL implementation should
> validate the credentials and leave policy questions to the MTA. The MTA
> can decide whether SASL without TLS is sufficient or not.
At least, that's what Postfix is currently trying to do. Postfix
gets the SASL mechanism list from Dovecot, before Dovecot
knows the connection status (which changes mid-session with TLS).
Postfix can apply a policy such as "no plaintext" to control the
mechanisms it announces to the SMTP client, and what mechanisms
SMTP client can use so it won't send a plaintext password over
an unencrypted connection.
> Also mere use of TLS says nothing about the security of the channel
> in the absense of client certification verification, the server cannot
> exclude MITM attackers even when a TLS session is used. I don't think
> that the TLS on/off "bit" you propose is semantically sound.
Apparently it's possible apply policies at the Dovecot end, depending
on the client IP address and I guess connection encryption status,
for POP, IMAP, SMTP and so on. Whether it works is another matter
(cf. the SMTP client sending plaintext over unencrypted channels).
Wietse
