[wplug] IMAP revisited... to send mail?

Bill Moran wmoran at potentialtech.com
Mon Nov 22 08:54:44 EST 2004


Brandon Kuczenski <brandon at 301south.net> wrote:
> On Sun, 21 Nov 2004, Bill Moran wrote:
> 
> > Brandon Kuczenski <brandon at 301south.net> wrote:
> >
> > > For security, the
> > > authentication must be performed with a layer of encryption (SSL/TLS)
> > > (still not quite clear on the difference between SSL and TLS, but I would
> > > guess it's one of nomenclature).
> >
> > I may be wrong, but:
> > SSL requires that both the client and server know about encryption right
> > off the bat, and use it from the get-go.
> 
> Is this it? SSL uses a dedicated service port, but TLS starts out in
> cleartext on the standard port and adds encryption later.

That's correct as I understand it.

> > SSL/TLS are best known for encryption, however, they _do_ provide an
> > element of authentication.  (stick with me, this can be a little
> > confusing at first).  SSL/TLS do _not_ provide a way for the user
> > to authenticate to the server.  Instead, they provide a way for the
> > server to authenticate to the user (or, potentially, for servers to
> > authenticate with each other).  That is where certificates come in
> > (certificates are not necessary to encryption).  A certificate proves
> > that server X really is who it says it is, and protects you from
> > hijacked DNS servers pointing you to systems that pretend to be your
> > server.
> 
> In this case, the only security a self-signed certificate provides is that
> the client accepts the certificate I provide, and so if anyone ever offers
> a different one, he would (theoretically) notice that they were trying to
> impersonate me?

Again, yes, as I understand it.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
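
The self-signed-certificate check discussed in the thread above, as an added example that is not part of the original message: remember the certificate a server presents on first contact and flag any later change. The function names, the pin-file format and the ports chosen are assumptions of this sketch; `fetch_cert_der` shows both connection styles mentioned in the thread (dedicated port, and cleartext upgraded with STARTTLS) for an IMAP server.

```python
import hashlib
import imaplib
import json
import ssl
from pathlib import Path


def fetch_cert_der(host, starttls=False):
    """Return the server's certificate (DER bytes) without validating it.

    starttls=False: encrypted from the first byte on the dedicated port (993).
    starttls=True:  cleartext on the standard port (143), then upgraded.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # self-signed: no CA chain to check,
    ctx.verify_mode = ssl.CERT_NONE  # so trust comes from the pin below
    if starttls:
        conn = imaplib.IMAP4(host, 143)
        conn.starttls(ssl_context=ctx)
    else:
        conn = imaplib.IMAP4_SSL(host, 993, ssl_context=ctx)
    try:
        return conn.sock.getpeercert(binary_form=True)
    finally:
        conn.shutdown()


def check_pin(store_path, host, cert_der):
    """Compare a certificate with the one remembered for this host.

    Returns "first-use" (pin recorded), "match", or "MISMATCH".
    A mismatch never overwrites the stored pin.
    """
    path = Path(store_path)
    pins = json.loads(path.read_text()) if path.exists() else {}
    seen = hashlib.sha256(cert_der).hexdigest()
    if host not in pins:
        pins[host] = seen
        path.write_text(json.dumps(pins, indent=2))
        return "first-use"
    return "match" if pins[host] == seen else "MISMATCH"
```

The pin is only as trustworthy as the first connection; comparing the recorded fingerprint with one read directly on the server closes that gap.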

