On Fri, 3 Feb 2006, Mark Sirota wrote:
>> I could count the number of times I've been asked about supporting SASL
>> security layers in UW imapd on one hand...and still have some fingers
>> left!
> Penn will happily take another finger. :-)

Could you explain why SASL security layers are so important to Penn?

Don't you have to offer SSL/TLS anyway, due to all the clients that don't have Kerberos? Don't your Kerberos clients now do SSL/TLS, and then authenticate using Kerberos?

As far as I can tell, the main benefit to using SASL security layers (instead of SSL/TLS) is to eliminate the overhead of SSL/TLS key generations, and possibly also an RTT, in the initial session connection. Otherwise, far more sites are going to have SSL/TLS than Kerberos (or DIGEST-MD5, the other SASL mechanism which IIRC has security layers).

Am I missing something?

I agree that, conceptually, SASL security layers is the cleanest way to do things, but SSL/TLS seems to be the direction most people choose.

-- Mark --

http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.