On 4 Jun 2002 at 17:13, Mark Crispin wrote:
> Network Working Group M. Crispin
> INTERNET-DRAFT: IMAP4rev1 University of Washington
> Obsoletes: 2060 June 2002
>
> Client and server implementations MUST implement the STARTTLS
> extension and PLAIN SASL mechanism described in [IMAP-TLS]. See
> the Security Considerations section for important information
> about STARTTLS.
I'm sorry if I'm raising something that's been done over already, but I've
only recently returned to this list (I somehow got dropped off at the end
of last year and only really noticed that fact quite recently).
This section, and a reading of IMAP-TLS, appears to be saying that an
IMAP implementation can only be considered compliant if it implements
SSL (sorry for the old terminology - I'm using it to be specific).
Surely that can't be right??
SSL may be a feasible technology under unix, but for people working in
other environments, such as Windows, it's much less obvious how it
can be reasonably done. Windows itself has negligible support for it -
you have to use undocumented API calls that only exist in some
versions, which makes that a non-starter... OpenSSL is like most open
source projects, aggressively anti-Windows, and I *still* haven't found a
working implementation for Windows (I mean this mostly in the sense
that documentation is non-existent, so even if you can find a binary or
get the code to compile, it's not clear to me how to use it) after two
years of looking. Of course, there's BSafe from RSADSI, but I don't
have the US$100,000 license fee they want.
Are we really mandating a technology where implementations are far
from commonplace, and are generally arcane to the point of near-
unusability?
If we are, are there any Windows developers on this list who have found
a solution I haven't discovered for handling SSL in a robust, reliable and
trouble-free manner? Care to point me at it?
Cheers!
-- David --
------------------ David Harris -+- Pegasus Mail ----------------------
Box 5451, Dunedin, New Zealand | e-mail: [EMAIL PROTECTED]
Phone: +64 3 453-6880 | Fax: +64 3 453-6612
Sign seen in a Paris hotel elevator:
"Please leave your values at the front desk."
