[wplug] IMAP revisited... to send mail?
Brandon Kuczenski
brandon at 301south.net
Mon Nov 22 03:26:11 EST 2004
On Sun, 21 Nov 2004, Bill Moran wrote:
> Brandon Kuczenski <brandon at 301south.net> wrote:
>
> > For security, the
> > authentication must be performed with a layer of encryption (SSL/TLS)
> > (still not quite clear on the difference between SSL and TLS, but I would
> > guess it's one of nomenclature).
>
> I may be wrong, but:
> SSL requires that both the client and server know about encryption right
> off the bat, and use it from the get-go.
Is this it? SSL uses a dedicated service port, but TLS starts out in
cleartext on the standard port and adds encryption later.
> SSL/TLS are best known for encryption, however, they _do_ provide an
> element of authentication. (stick with me, this can be a little
> confusing at first). SSL/TLS do _not_ provide a way for the user
> to authenticate to the server. Instead, they provide a way for the
> server to authenticate to the user (or, potentially, for servers to
> authenticate with each other). That is where certificates come in
> (certificates are not necessary to encryption). A certificate proves
> that server X really is who it says it is, and protects you from
> hijacked DNS servers pointing you to systems that pretend to be your
> server.
In this case, the only security a self-signed certificate provides is that
the client accepts the certificate I provide, and so if anyone ever offers
a different one, he would (theoretically) notice that they were trying to
impersonate me?
Thanks for the philosophical bits, too -- I'm always interested to hear
that this pursuit is more than just a tool to people (other than myself).
-Brandon
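
The trust-on-first-use behaviour asked about in the self-signed certificate question above, as an added example that is not part of the original message: a client records the certificate's fingerprint on first contact and flags any later certificate that differs. The pin file, the function names and the use of port 993 (IMAP over implicit TLS) are assumptions of this example.

```python
import hashlib
import hmac
import json
import socket
import ssl
from pathlib import Path


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as hex."""
    return hashlib.sha256(der_cert).hexdigest()


def fetch_der_cert(host: str, port: int = 993, timeout: float = 10.0) -> bytes:
    """Fetch the server certificate over implicit TLS, skipping CA validation.

    A self-signed certificate cannot pass CA validation, so the pin
    comparison in check_pin() is the only identity check performed.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_pin(store: Path, host: str, der_cert: bytes) -> str:
    """Return 'first-use', 'match' or 'mismatch' for this host's certificate."""
    pins = json.loads(store.read_text()) if store.exists() else {}
    seen = fingerprint(der_cert)
    known = pins.get(host)
    if known is None:
        # First contact: there is nothing to compare against, so the pin is
        # only as trustworthy as this one connection. Confirm the fingerprint
        # with the server operator out of band.
        pins[host] = seen
        store.write_text(json.dumps(pins, indent=2))
        return "first-use"
    # A changed certificate is reported, never silently re-pinned.
    return "match" if hmac.compare_digest(known, seen) else "mismatch"
```

A "mismatch" result means either the operator replaced the certificate or something else is answering for the host; the client cannot tell which without an out-of-band check.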