[Dovecot] SSL / TLS

Ed W lists at wildgooses.com
Sat Jul 11 20:10:44 EEST 2009


Steffen Kaiser wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Thu, 9 Jul 2009, Timo Sirainen wrote:
>
>> That's a wrong way to think about it. imaps is a legacy port that 
>> should have died years ago. You can force encrypted sessions on imap 
>> port just by setting
>
> Well, I do not see it like that, moreover because the STARTTLS is not 
> essentially better than IMAP-over-SSL. At least one should be able to 
> submit the domain/host the client wants to connect to, in order to 
> enable virtual IMAP/SMTP/... hosting.
>
> So, STARTTLS is just overhead without gain, well, you need one port less.

Actually, I'm coming in rather late, but I thought that was the whole 
point of TLS that you could decide what certificate to present AFTER you 
knew which client was connecting?  This allows virtual hosting with a 
different SSL cert per host (current situation is rather difficult... 
I'm using a cert with multiple names on it, but this is hard to buy)

It's exciting to see TLS finally coming to http for example and we can 
do virtual hosting for machines without needing gazillions of ports (on 
the other hand sadly FF has broken the ability to easily use self-signed 
certs, so just as the internet was about to encrypt everything rather 
than go plain text, FF goes and spoils all the fun... *sigh*)

Ed W
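The point Ed makes above (the server learns which host the client wants before it picks a certificate) rests on the Server Name Indication extension, which travels unencrypted in the ClientHello. The following Python is an added example, not code from this thread or from Dovecot: it builds a minimal TLS 1.2 ClientHello for a constructed hostname and parses the SNI host_name back out, the same field a virtual-hosting server or a passive monitor reads to choose or log the certificate.

```python
import struct

SNI_EXTENSION = 0x0000  # extension type for server_name (RFC 6066)


def build_client_hello(hostname: str) -> bytes:
    """Constructed ClientHello: dummy random, one cipher suite, SNI only."""
    name = hostname.encode("ascii")
    # server_name_list: 2-byte list length, name_type 0 (host_name), 2-byte name length, name
    sni_body = struct.pack("!H", len(name) + 3) + b"\x00" + struct.pack("!H", len(name)) + name
    ext = struct.pack("!HH", SNI_EXTENSION, len(sni_body)) + sni_body
    body = (
        b"\x03\x03"                              # client_version: TLS 1.2
        + b"\x11" * 32                           # client random (dummy bytes)
        + b"\x00"                                # session_id length 0
        + struct.pack("!H", 2) + b"\xc0\x2f"     # one cipher suite
        + b"\x01\x00"                            # compression: null only
        + struct.pack("!H", len(ext)) + ext      # extensions block
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes):
    """Return the host_name carried in a ClientHello's SNI extension, or None.

    Anything that is not a well-formed handshake record with an SNI entry
    (other record types, truncated data, a hello without extensions) gives None."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:     # handshake record, ClientHello
            return None
        end = 9 + int.from_bytes(record[6:9], "big")    # end of handshake body
        p = 9 + 2 + 32                                  # skip client_version and random
        p += 1 + record[p]                              # session_id
        p += 2 + struct.unpack("!H", record[p:p + 2])[0]   # cipher_suites
        p += 1 + record[p]                              # compression_methods
        if p + 2 > end:
            return None                                 # no extensions at all
        ext_end = min(p + 2 + struct.unpack("!H", record[p:p + 2])[0], end)
        p += 2
        while p + 4 <= ext_end:
            etype, elen = struct.unpack("!HH", record[p:p + 4])
            p += 4
            if etype == SNI_EXTENSION:
                q = p + 2                               # skip server_name_list length
                while q + 3 <= p + elen:
                    nlen = struct.unpack("!H", record[q + 1:q + 3])[0]
                    if record[q] == 0:                  # name_type host_name
                        return record[q + 3:q + 3 + nlen].decode("ascii", "replace")
                    q += 3 + nlen
            p += elen
        return None
    except (IndexError, struct.error):
        return None
```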
