MBOX-Line: From tss at iki.fi Mon Jan 18 05:14:10 2010
To: imap-protocol@u.washington.edu
From: Timo Sirainen <tss@iki.fi>
Date: Fri Jun 8 12:34:43 2018
Subject: [Imap-protocol] Re: [yam] draft-daboo-srv-email: POP3S/IMAPS?
In-Reply-To: <NvmPpzLxQER/jAcfFP13kQ.md5@lochnagar.gulbrandsen.priv.no>
References: <9A584868-5961-4871-B32E-915394043727@sabahattin-gucukoglu.com>
 <01NIK8RBBRJK004042@mauve.mrochek.com>
 <NvmPpzLxQER/jAcfFP13kQ.md5@lochnagar.gulbrandsen.priv.no>
Message-ID: <6081A14A-42E5-4139-A57D-6DF01EF86BA7@iki.fi>

On 18.1.2010, at 13.22, Arnt Gulbrandsen wrote:
> Ned Freed writes:
>> The absence of a technical justification doesn't mean no other sort of justification exists.
>
> I asked three admins about that in 2007, all said "we want all access to be encrypted and imaps/pop3s/smtps is the practical way to get that". Statistics isn't my field, three identical answers was enough for me, and I concluded that SSL wrapping will remain in use until mail servers offer configuration settings to allow/prevent plaintext access to mail.

Such a setting doesn't help. Dovecot has had one since the beginning and people still configure it to give only imaps/pop3s access. I think there are two big reasons for this:

1) Clients are stupid and issue a plaintext LOGIN command even if LOGINDISABLED is advertised. So with such clients it's easy to accidentally expose the username and password.

2) It's easier to enforce "SSL-only" traffic in firewall rules based on ports. For example they'll keep both imap and imaps enabled, but only imaps is allowed outside the intranet.

(And yeah, then there's probably the biggest reason that people just don't understand that the imap/pop3 port supports SSL/TLS.)
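The client behaviour described in reason 1, as an added example (not part of the original message and not Dovecot code): a Python check over a cleartext port-143 transcript that flags LOGIN commands sent before STARTTLS completes and records whether LOGINDISABLED had been advertised. The transcript, its "S:"/"C:" prefixes and the function name are constructed for illustration.

```python
import re

# Constructed sample of a cleartext port-143 session as seen on the wire.
# "S:" = server line, "C:" = client line; the credentials are placeholders.
SAMPLE_SESSION = """\
S: * OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready
C: a1 LOGIN alice example-password
S: a1 NO [PRIVACYREQUIRED] Plaintext authentication disallowed
C: a2 STARTTLS
S: a2 OK Begin TLS negotiation now
"""

# Capabilities arrive in the greeting response code or an untagged CAPABILITY.
CAPS_RE = re.compile(r"\*\s+(?:OK\s+\[CAPABILITY|CAPABILITY)\s+([^\]\r\n]*)", re.I)
# Client command: tag, command name, optional first argument.
CMD_RE = re.compile(r"^(\S+)\s+(\S+)(?:\s+(\S+))?")


def find_plaintext_logins(transcript):
    """Return one finding per LOGIN command visible before TLS was negotiated."""
    findings = []
    logindisabled = False
    starttls_tag = None  # tag of a STARTTLS command still awaiting its OK
    for lineno, raw in enumerate(transcript.splitlines(), 1):
        side, _, line = raw.partition(":")
        line = line.strip()
        if side == "S":
            caps = CAPS_RE.match(line)
            if caps:
                logindisabled = "LOGINDISABLED" in caps.group(1).upper().split()
            elif starttls_tag and line.upper().startswith(starttls_tag.upper() + " OK"):
                break  # the rest of the session is inside TLS
        elif side == "C":
            cmd = CMD_RE.match(line)
            if not cmd:
                continue
            tag, name, arg = cmd.groups()
            if name.upper() == "STARTTLS":
                starttls_tag = tag
            elif name.upper() == "LOGIN":
                # Keep the username for triage; never store the password.
                findings.append({"line": lineno,
                                 "user": (arg or "").strip('"'),
                                 "ignored_logindisabled": logindisabled})
    return findings
```

A finding means the password crossed the network in clear even though the server rejected the command, so the account's credentials should be treated as exposed.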