On Tue, 17 Feb 2004, Jeremy Kitchen wrote:
>I'm not trying to sway anyone from using binc's built in ssl stuff, just
>trying to stir up some conversation about this, get some opinions.

One reason is that Binc IMAP supports STARTTLS, which allows admins to
provide both plain text and SSL enabled IMAP over port 143 (single port,
single firewall hole), and ucspi-ssl doesn't support this. There are IMAP
proxies out there that do support this, though, and with 1.3 it might be
that these can be used with bincimapd without much adjusting. With 1.2
this isn't trivial because the environment variables are hex encoded by
bincimap-up and not passed in plain text.

Another reason is that Binc IMAP doesn't depend on anything other than the
OpenSSL libraries, which makes it easier to install and maintain. Given
the SSL certificate and private key, which you need anyway, it's just a
single tcp-wrapped IMAP server that gives you what you need.

Now, for admins who prefer not to have explicit SSL support in Binc but
rather use an SSL enabled (port 993) wrapper like stunnel or ucspi-ssl,
compiling --without-ssl removes every single line of SSL from bincimap-up,
so they should be happy too.

Andy :-)

--
Andreas Aardal Hanssen   | http://www.andreas.hanssen.name/gpg
Author of Binc IMAP      |  "It is better not to do something
http://www.bincimap.org/ |        than to do it poorly."
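
An added example, not part of the original message or of Binc IMAP's code: for a port 143 listener that serves both plain text and STARTTLS as described above, an admin can check from the advertised capabilities whether a login can still be sent before TLS is negotiated. STARTTLS and LOGINDISABLED are the RFC 3501 capability names; the sample responses and the function names are constructed for illustration.

```python
import re

# Constructed sample server responses (not captured from a real Binc IMAP host).
SAMPLES = {
    "enforced": "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED",
    "optional": "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN] ready",
    "no_tls": "* CAPABILITY IMAP4rev1 AUTH=LOGIN",
}

# SASL mechanisms that put the password on the wire in recoverable form.
CLEARTEXT_MECHS = {"AUTH=PLAIN", "AUTH=LOGIN"}


def parse_capabilities(line):
    """Return the upper-cased capability atoms from an untagged CAPABILITY
    response or from a [CAPABILITY ...] response code in a greeting."""
    m = re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
    if m is None:
        m = re.match(r"\*\s+CAPABILITY\s+(.*)$", line.strip(), re.I)
    return {atom.upper() for atom in m.group(1).split()} if m else set()


def assess(line):
    """Classify what a client can do on the connection before any TLS."""
    caps = parse_capabilities(line)
    if not caps:
        return "unknown"
    if "STARTTLS" not in caps:
        # Nothing to upgrade to: this port is plain text only.
        return "no-starttls"
    if "LOGINDISABLED" in caps and not (caps & CLEARTEXT_MECHS):
        # LOGIN is refused and no cleartext SASL mechanism is offered pre-TLS.
        return "tls-required-for-login"
    # STARTTLS is offered but a client may still authenticate in the clear.
    return "plaintext-login-possible"


if __name__ == "__main__":
    for name, response in SAMPLES.items():
        print(f"{name:10s} {assess(response)}")
```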



