On Mon, 10 Mar 2003, Dale Woolridge wrote:

> On 10-Mar-2003 11:11 Charlie Brady wrote:
> |
> | Now a big downside to this approach is that imapfront-auth doesn't yet
> | support STARTTLS.
>
> There is a patch for tcpserver which adds ssl support to it:
>
> http://www.nrg4u.com/

That's probably very similar to this:

http://www.superscript.com/ucspi-ssl/install.html

The problem with both options (for me at least) is that there are licensing problems. There is already enough confusion about Dan Bernstein's licensing conditions. The situation with Superscript is worse, if you can believe it. All they say for any of "their" code is:

  Borrowed code falls under copyright of the original author.

But they don't tell you which code is borrowed from which author, and don't give any license to use, modify or distribute their own code. My posted questions about licensing have gone unanswered.

> I think this is better than STARTTLS as most clients don't offer enough
> choice to avoid potential man-in-the-middle attacks.

I don't understand why you think STARTTLS is any different to an SSLized tcpserver in that respect.

> Besides, pop3, imap, smtp all offer dedicated tls/ssl ports.

Sure, but that's a separate, and easier, issue. Using a wrapper such as stunnel is simple in those cases.

--
Charlie

