Re: StartTLS support for applications
Fri, 2002-10-18 at 14:34, marc.bigler@day.com wrote:
> You are also correct, encrypting sendmail queries is not so critical, I
> must say that I am a bit paranoid :) What I will anyway do is create an
> account for sendmail and let only that sendmail user do queries to the
> sendmail DNs on my LDAP server. I know that's supported by Sendmail.
1142 [root:billy.demon.nl] / # telnet valve.mbsi.ca 25 <
Trying 198.168.101.14...
Connected to valve.mbsi.ca.
Escape character is '^]'.
220 valve.mbsi.ca ESMTP Sendmail; Fri, 18 Oct 2002 15:33:01 -0400
ehlo billy.demon.nl
250-valve.mbsi.ca Hello billy.demon.nl [212.238.97.135], pleased to meet
you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP
Now why would I want my Exim smtp server, which uses TLS automatically,
when it sees STARTTLS advertised, to send to valve.mbsi.ca encrypted, so
that no-one else can read the correspondence?
Why would anyone want to use GSSAPI, DIGEST-MD5, CRAM-MD5 or AUTH PLAIN
after starttls for anything at all?
Paranoid? You don't have to be, Marc. They're coming to get you anyway.
Best,
Tony
--
Tony Earnshaw
"There are many people who can't face the truth ... If you rob a
normal person of life's lies, at the same time you'll be robbing
him of his happiness."
From Henrik Ibsen's "Vildanden", "The wild Duck."
e-post: tonni@billy.demon.nl
www: http://www.billy.demon.nl
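
Added example, not part of the original message: a client-side check that parses the EHLO reply shown in the session above and reports which advertised AUTH mechanisms should be withheld until STARTTLS has completed. The function names `parse_ehlo` and `audit` and the policy itself (hold back PLAIN and LOGIN on an unencrypted connection) are assumptions of this example.

```python
import re

# EHLO reply copied from the session in the message above (wrapped line rejoined).
EHLO_REPLY = """\
250-valve.mbsi.ca Hello billy.demon.nl [212.238.97.135], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP
"""

# PLAIN and LOGIN send the password base64-encoded: readable without TLS.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}
LINE_RE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    caps = {}
    lines = reply.strip().splitlines()
    for i, line in enumerate(lines):
        m = LINE_RE.match(line.rstrip("\r"))
        if not m or m.group(1) != "250":
            raise ValueError(f"unexpected reply line: {line!r}")
        last = m.group(2) == " "  # "250 " ends the reply, "250-" continues it
        if last != (i == len(lines) - 1):
            raise ValueError("continuation marker out of place")
        if i == 0:
            continue  # first line is the greeting, not an extension
        words = m.group(3).split()
        if words:
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
    return caps

def audit(caps, tls_active=False):
    """Client-side policy: what may be used on this connection right now."""
    mechs = caps.get("AUTH", [])
    exposed = [] if tls_active else sorted(m for m in mechs if m in CLEARTEXT_MECHS)
    return {
        "starttls_offered": "STARTTLS" in caps,
        "usable_auth": [m for m in mechs if m not in exposed],
        "withheld_until_tls": exposed,
    }

if __name__ == "__main__":
    print(audit(parse_ehlo(EHLO_REPLY)))
```
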