"Lucky Green" <[EMAIL PROTECTED]> writes:

>> Ouch. Seems somebody is busy making certain that one won't be able to use
>> standard US distributions of these implementations much longer to trivially
>> implement the secure protocols by adding a wrapper. This is very bad news,
>> indeed. 

The IETF is more interested in having well-engineered protocols than
in making it easy to use US implementations.  The port explosion was a
real problem, and security done through wrappers makes some security
problems (like authorization) harder, not easier.

Regardless, the STARTTLS command as usually spec'd could probably be
implemented as a wrapper; it would just have to be more complicated
than a simple wrapper.

>> As for simplifying the firewall setup, I would question that
>> forcing a secure and an insecure service to run on the same port
>> adds to the security of a site.

This encourages sites to deprecate the insecure service in favor of
the secure one.  In the long run, this increases security and reduces
the need for firewalls, which as often as not give false security.

                Marc
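The "more complicated than a simple wrapper" point, as an added worked example that is not code from this thread or from any IETF or vendor implementation: a minimal Go front end that sits between the network and an SMTP backend that knows nothing about TLS. A byte-zero wrapper on a separate port needs no knowledge of SMTP at all; this one has to relay the plaintext dialogue, rewrite the EHLO reply to advertise STARTTLS, answer the STARTTLS command itself, and only then switch the client side of the connection to TLS. The hostname `wrapper.example`, the reply texts, the in-memory self-signed certificate (used so the example runs offline) and the refusal of pipelined plaintext are all assumptions of this example, not from the thread.

```go
package main

import (
	"bufio"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"io"
	"math/big"
	"net"
	"strings"
	"time"
)

// selfSignedConfig builds an in-memory self-signed certificate so the demo runs
// offline; a deployed wrapper would load a CA-issued certificate instead.
func selfSignedConfig() (*tls.Config, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"wrapper.example"},
		Subject: pkix.Name{CommonName: "wrapper.example"}, NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	// No resumption in this demo, so no session tickets are issued.
	return &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}},
		MinVersion: tls.VersionTLS12, SessionTicketsDisabled: true}, nil
}

// relayReply copies one SMTP reply (multi-line "250-" form included) to the client;
// with advertise set it adds a STARTTLS capability line, as the backend knows no TLS.
func relayReply(br *bufio.Reader, client io.Writer, advertise bool) error {
	for {
		l, err := br.ReadString('\n')
		if err != nil {
			return err
		}
		last := len(l) < 4 || l[3] != '-'
		if last && advertise {
			l = l[:3] + "-STARTTLS\r\n" + l
		}
		if _, err = io.WriteString(client, l); err != nil || last {
			return err
		}
	}
}

var ErrInjection = errors.New("plaintext pipelined behind STARTTLS")

// serveSTARTTLS relays one SMTP session to a plaintext backend. Unlike a byte-zero
// TLS wrapper it must parse EHLO, answer STARTTLS itself, and switch to TLS mid-stream.
func serveSTARTTLS(client, backend net.Conn, cfg *tls.Config) error {
	defer client.Close()
	defer backend.Close()
	br, cr := bufio.NewReader(backend), bufio.NewReader(client)
	if err := relayReply(br, client, false); err != nil { // 220 greeting
		return err
	}
	secured := false
	for {
		line, err := cr.ReadString('\n')
		if err != nil {
			return err
		}
		cmd := strings.ToUpper(strings.TrimRight(line, "\r\n"))
		if cmd != "STARTTLS" || secured {
			// Ordinary command (a repeat STARTTLS is left to the backend to reject).
			if _, err = io.WriteString(backend, line); err != nil {
				return err
			}
			if err = relayReply(br, client, !secured && strings.HasPrefix(cmd, "EHLO")); err != nil {
				return err
			}
			continue
		}
		// Bytes already buffered behind STARTTLS arrived in plaintext; replaying them after
		// the handshake would let an attacker inject commands into the "secure" session.
		if cr.Buffered() > 0 {
			io.WriteString(client, "554 plaintext after STARTTLS\r\n")
			return ErrInjection
		}
		if _, err = io.WriteString(client, "220 Ready to start TLS\r\n"); err != nil {
			return err
		}
		tc := tls.Server(client, cfg)
		if err = tc.Handshake(); err != nil {
			return err
		}
		client, cr, secured = tc, bufio.NewReader(tc), true
	}
}
```

To put it in front of a real server, accept on a listener and call serveSTARTTLS(clientConn, backendConn, cfg) in a goroutine per connection, with backendConn dialled to the plaintext SMTP port. The check on bytes buffered behind the STARTTLS command is the part a practitioner should not leave out: a wrapper that carries plaintext received before the handshake over into the TLS session lets an on-path attacker inject commands into a session the client believes is protected, and that is one of the things a byte-zero wrapper never has to think about.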
