RL 'Bob' Morgan wrote:
> With STARTTLS, a site like ours that wants to protect people's passwords
> can set our IMAP servers to advertise TLS and require that it be
> negotiated by a client in order to log in (or they can use
> SASL/GSS/Kerberos, but that's another story). A client that has been
> thoughtfully designed will be set to use TLS if it is offered by the
> server. This way the client will work just fine, securely, with our
> site *without the user having to configure it*. And it will still work
> fine with plain old sites that just use cleartext. So everybody wins.
> But note this means that the client has to ship with "use TLS if
> offered" as a default. It is sometimes argued that client providers

IMO the "Use TLS if available" option sucks. When a user has that set, they
won't know if the traffic is encrypted or not. From a usability point of view
it is great, of course. But from a security point of view it would be better
to try and force SSL/TLS and, only if that did not work, ask the user if
it would be OK to try unencrypted.
--
Heikki Toivonen
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Open Source Applications Foundation "Dev" mailing list
http://lists.osafoundation.org/mailman/listinfo/dev
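
Added example, not part of the original message and not code from any mail client: the two client defaults discussed above, applied to IMAP capability lines, to show that the "use TLS if offered" default sends the password in cleartext without telling the user when STARTTLS is not advertised. The names `Policy`, `parse_capabilities`, `next_step` and the sample lines are hypothetical; STARTTLS and LOGINDISABLED are the RFC 3501 capability names.

```python
import re
from enum import Enum


class Policy(Enum):
    OPPORTUNISTIC = "use TLS if offered"           # default described in the quoted text
    ASK_BEFORE_CLEARTEXT = "ask before cleartext"  # behaviour preferred in the reply


def parse_capabilities(line):
    """Return the capability atoms of '* CAPABILITY ...' or '* OK [CAPABILITY ...]'."""
    m = re.search(r"CAPABILITY\s+([^\]\r\n]*)", line, re.IGNORECASE)
    return {atom.upper() for atom in m.group(1).split()} if m else set()


def next_step(caps, policy, ask_user):
    """Decide what happens before a password is sent: 'starttls', 'cleartext' or 'abort'."""
    if "STARTTLS" in caps:
        # After the handshake the client must discard these capabilities
        # and issue CAPABILITY again (RFC 3501, section 6.2.1).
        return "starttls"
    if "LOGINDISABLED" in caps:
        # Server refuses plaintext LOGIN and offers no TLS: nothing safe to fall back to.
        return "abort"
    if policy is Policy.OPPORTUNISTIC:
        # Silent fallback: the user never learns the session is unencrypted.
        return "cleartext"
    # Fall back only with explicit consent from the user.
    prompt = "Server does not offer TLS. Send password unencrypted?"
    return "cleartext" if ask_user(prompt) else "abort"


# Constructed sample server lines, not captured from a real server.
SAMPLES = {
    "tls_required": "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] server ready",
    "plain_only": "* CAPABILITY IMAP4rev1 AUTH=PLAIN",
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        caps = parse_capabilities(line)
        for policy in Policy:
            # The user answers "no" to any prompt in this demonstration.
            print(name, policy.name, next_step(caps, policy, lambda _prompt: False))
```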