wasm-demo/demo/ermis-f/imap-protocol/cur/1600095080.22813.mbox:2,S

MBOX-Line: From dot at dotat.at  Mon Jan 18 05:48:42 2010
To: imap-protocol@u.washington.edu
From: Tony Finch <dot@dotat.at>
Date: Fri Jun  8 12:34:43 2018
Subject: [yam] [Imap-protocol] Re:  draft-daboo-srv-email: POP3S/IMAPS?
In-Reply-To: <TGqvOaec0Cbt2mg7bqct1w.md5@lochnagar.gulbrandsen.priv.no>
References: <9A584868-5961-4871-B32E-915394043727@sabahattin-gucukoglu.com>
	<01NIK8RBBRJK004042@mauve.mrochek.com>
	<NvmPpzLxQER/jAcfFP13kQ.md5@lochnagar.gulbrandsen.priv.no>
	<6081A14A-42E5-4139-A57D-6DF01EF86BA7@iki.fi>
	<TGqvOaec0Cbt2mg7bqct1w.md5@lochnagar.gulbrandsen.priv.no>
Message-ID: <alpine.LSU.2.00.1001181332190.6203@hermes-2.csi.cam.ac.uk>

On Mon, 18 Jan 2010, Arnt Gulbrandsen wrote:

> Timo Sirainen writes:
>
> > 2) It's easier to enforce "SSL-only" traffic in firewall rules based on
> > ports. For example they'll keep both imap and imaps enabled, but only imaps
> > is allowed outside intranet.
>
> Yeah. But I can't remember talking to anyone who really cared about allowing
> cleartext imap inside the firewall.

I'm not sure exactly what you mean here, but I have counter examples for
two possible interpretations.

If you mean that no one in your experience is worried by unencrypted
access from local IP addresses, then we certainly are especially for
wireless users.

If you mean that no one in your experience enables unencrypted access from
local IP addresses, then I believe it's fairly common for universities to
do so to avoid having to reconfigure thousands of desktop clients. It
took us about a year to completely disable unencrypted access - we wanted
to avoid huge spikes in support load.

With the right software it's fairly easy to restrict unencrypted logins to
local wired networks.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
MODERATE OR GOOD.