On Thu, 29 Jan 1998, Ken Hornstein wrote:

: >That said, using SSL to tunnel to the POP or IMAP server can also work.
: >The SPOP port is 995.
: >The SIMAP port is 993.
: >
: >There is this little ssl program "edsll" that listens on an "SSL-port" and
: >forwards to the normal port. We have not put this in production, but have
: >been fiddling with it in house.
: 
: Okay, so let me get this straight -- you run an SSL proxy on your local
: machine and tell your client to connect to a "fake" POP/IMAP server
: on your local box, which proxies the connection to the real SPOP/SIMAP
: server, and you authenticate using plaintext passwords over the
: encrypted channel?  Interesting.  Do you have edsll ported to Windows
: or the Mac?

No, there is no proxy on the local machine. You just connect to a port on
the server that understands SSL. As long as the client and the server can
both talk SSL you are in business. The edsll program is cool, because it
allows you to add SSL capability to a server without having to add any code
to it. It does the SSL negotiation with the client, and sends the rest to
the usual nntpd, imapd, ... binary. The original server does not notice there
is something going on behind its back.

Setting up proxies on a client is not my favorite way of doing things. It
causes lots of confusion with users.

Now "edsll" does not have to do all its work on the same machine. When I was
doing the initial tests with the news server, I ran edsll on my machine at
work and had it forward the nntp connection to the real news server. Then at
home I pointed my news service at my work machine and "walah".

Randall

: 
: >This way we can open our news server to users outside our domain as long as
: >they can authenticate (encrypted) to our servers. Since SSL is being
: >implemented in many clients now, we should not have to be too worried about
: >what software the users' ISPs have. And since Netscape is free....
: 
: I'm curious ... do a lot of mail clients (POP or IMAP) currently support
: SSL?  I wasn't aware that any did, but I haven't really been following
: it lately.

My understanding is that the Eudora, I.E., and Netscape clients under
development will have TLI(SSLv3+) support.

: 
: --Ken
: 
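
The server-side wrapper arrangement described in this message (a listener that does the SSL negotiation itself and passes the rest to the unmodified daemon), sketched as an added example; it is not part of the original e-mail and is not edsll's code. The function names, the certificate and key file arguments, and the 993-to-143 port layout are assumptions, and it uses the TLS support in Python's standard `ssl` module.

```python
import select, socket, ssl, sys, threading

def make_tls_context(certfile, keyfile):
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)  # server-side context
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile, keyfile)
    return ctx

def relay(client, backend):
    """Copy bytes both ways until either side closes, then close both."""
    peer = {client: backend, backend: client}
    try:
        while True:
            # Decrypted bytes already buffered by TLS are invisible to select().
            buffered = isinstance(client, ssl.SSLSocket) and client.pending()
            ready = [client] if buffered else select.select([client, backend], [], [])[0]
            for src in ready:
                data = src.recv(16384)
                if not data:
                    return
                peer[src].sendall(data)
    except OSError:  # covers ssl.SSLError and connection resets
        pass
    finally:
        client.close()
        backend.close()

def handle(raw, backend_addr, ctx):
    raw.settimeout(10)  # bound the handshake so a silent client cannot pin a thread
    tls = None
    try:
        tls = ctx.wrap_socket(raw, server_side=True)  # TLS negotiation happens here
        backend = socket.create_connection(backend_addr, timeout=10)
    except OSError:  # failed handshake or backend unreachable
        (tls or raw).close()
        return
    tls.settimeout(None)
    backend.settimeout(None)
    relay(tls, backend)  # the daemon sees an ordinary cleartext client

def serve(listen_addr, backend_addr, ctx):
    with socket.create_server(listen_addr) as srv:
        while True:
            raw, _ = srv.accept()
            threading.Thread(target=handle, args=(raw, backend_addr, ctx), daemon=True).start()

if __name__ == "__main__":  # usage: wrapper.py CERT.pem KEY.pem (assumed file names)
    # Assumed layout: TLS on 993, unmodified cleartext imapd on port 143 of the same host.
    serve(("", 993), ("127.0.0.1", 143), make_tls_context(sys.argv[1], sys.argv[2]))
```

When the backend address is on a different machine, as in the news-server test described above, the hop from the wrapper to the daemon travels in cleartext. The daemon also logs the wrapper's address as the client, so per-client records have to come from the wrapper.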

