Re: StartTLS support for applications

[Tony Earnshaw <tonni@billy.demon.nl>]

fre, 2002-10-18 kl. 14:34 skrev marc.bigler@day.com:

> You are also correct, encrypting sendmail queries is not so critical, I
> must say that I am a bit paranoid :) What I will anyway do is create an
> account for sendmail and let only that sendmail user do queries to the
> sendmail DNs on my LDAP server. I know that's supported by Sendmail.

1142 [root:billy.demon.nl] / # telnet valve.mbsi.ca 25         <
Trying 198.168.101.14...
Connected to valve.mbsi.ca.
Escape character is '^]'.
220 valve.mbsi.ca ESMTP Sendmail; Fri, 18 Oct 2002 15:33:01 -0400
ehlo billy.demon.nl
250-valve.mbsi.ca Hello billy.demon.nl [212.238.97.135], pleased to meet
you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP

Now why would I want my Exim smtp server, which uses TLS automatically,
when it sees STARTTLS advertized, to send to valve.mbsi.ca encrypted, so
that no-one else can read the correspondence?

Why would anyone want to use GSSAPI, DIGEST-MD5, CRAM-MD5 or AUTH PLAIN
after startls for anything at all?

Paranoid? You don't have to be, Marc. They're coming to get you anyway.

Best,

Tony

-- 

Tony Earnshaw

"There are many people who can't face the truth ... If you rob a
normal person of life's lies, at the same time you'll be robbing
him of his happiness."

>From Henrik Ibsen's "Vildanden", "The wild Duck."

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl