Re: IMAPS problems...



On 2001.08.22 17:03:49 +0100 Brian Stafford wrote:

> 
> > that's why balsa should be smart and not use TLS when it's doing imaps.
> 
> Agreed.  IMO, writing code that correctly layers TLS over TLS in one program
> would be quite an amazing achievement...
> 
> In any case, since there is a variable declared something like
> 	SSL *ssl;
> ignoring the STARTTLS extension when it is offered is as simple as
> 	extensions = get_protocol_extensions();
> 	if (ssl != NULL)
> 		extensions &= ~STARTTLS;
> Not exactly rocket science, or even that smart!
> 
in the case of balsa/libmutt it's not very hard either .. it's like 1 line of 
code i think. giving the user good choice and feedback is a bit harder

> > at least, the server config dialog must be updated ..
> 
> If a STARTTLS server is available, then unless it is seriously deficient
> (or export crippled) it should not be behind sslwrapper, stunnel etc.
> 
yeah, i was thinking a dialog like 'lame server works better without imaps -
disable imaps and use TLS ?'

> One potential problem though is if the server offers STARTTLS, it may
> require the client certificate for authentication.  The only way to get
> it is to negotiate TLS.  However a correctly implemented client ignores
> STARTTLS because it's already using TLS via sslwrapper!  In this case the
> server will refuse to authenticate the client even though sslwrapper/stunnel
> was perfectly happy with the client certificate.
> 
about the same case as LOGINDISABLE STARTTLS over imap.
i don't think we support client certs at this point though ;)

> Methinks that SSL/TLS tunnels, port forwarding etc. are menaces to society
> and should be smashed up into little pieces and banished to the wilderness.
> 
i'm thinking radio buttons instead of the current "Use SSL"

* IMAP TLS
* SSL (imaps)

and then i have to read about SASL and session encryption with SASL. sigh.

cheers

-- 
Carlos Morgado - chbm(at)chbm(dot)nu - http://chbm.nu/ -- gpgkey: 0x1FC57F0A
http://wwwkeys.pgp.net/ FP:0A27 35D3 C448 3641 0573 6876 2A37 4BB2 1FC5 7F0A
Software is like sex; it's better when it's free. - Linus Torvalds
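
Added example, not part of the original message and not balsa or libmutt code: a C sketch of the capability handling discussed in this thread, masking STARTTLS when the connection is already TLS-wrapped (imaps) and surfacing the LOGINDISABLED case where the client then cannot log in. The enum names, `parse_capabilities` and `choose_step` are hypothetical, and the CAPABILITY lines it is meant for are constructed samples.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Bit and enum names are this example's own, not libmutt's. */
enum { CAP_STARTTLS = 1u << 0, CAP_LOGINDISABLED = 1u << 1 };
enum next_step { STEP_STARTTLS, STEP_LOGIN, STEP_CANNOT_LOGIN };

/* Case-insensitive match of the n-byte atom at tok against an upper-case name. */
static bool atom_is(const char *tok, size_t n, const char *name)
{
    if (n != strlen(name))
        return false;
    for (size_t i = 0; i < n; i++)
        if (toupper((unsigned char)tok[i]) != name[i])
            return false;
    return true;
}

/* Turn the atoms of one CAPABILITY response line into a bitmask. */
static unsigned parse_capabilities(const char *line)
{
    unsigned caps = 0;
    while (*line != '\0') {
        size_t n = strcspn(line, " \r\n");   /* length of the next atom */
        if (atom_is(line, n, "STARTTLS"))
            caps |= CAP_STARTTLS;
        else if (atom_is(line, n, "LOGINDISABLED"))
            caps |= CAP_LOGINDISABLED;
        line += n;
        line += strspn(line, " \r\n");       /* skip separators */
    }
    return caps;
}

/* tls_active: the socket is already TLS-wrapped (imaps, sslwrapper, stunnel). */
static enum next_step choose_step(const char *capability_line, bool tls_active)
{
    unsigned caps = parse_capabilities(capability_line);
    if (tls_active)
        caps &= ~(unsigned)CAP_STARTTLS;  /* never layer TLS over TLS */
    if (caps & CAP_STARTTLS)
        return STEP_STARTTLS;             /* upgrade, then re-read CAPABILITY */
    if (caps & CAP_LOGINDISABLED)
        return STEP_CANNOT_LOGIN;         /* LOGIN forbidden and no upgrade path */
    return STEP_LOGIN;
}
```

`STEP_CANNOT_LOGIN` over imaps is the situation where the user-facing feedback mentioned in the thread is needed: the tunnel is encrypted, but the server behind it still insists on STARTTLS.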



