IETF Logo Mail Archive

Re: [yam] [Imap-protocol] Re: draft-daboo-srv-email: POP3S/IMAPS?

Tony Finch <dot@dotat.at> Mon, 18 January 2010 13:48 UTC

Return-Path: <fanf2@hermes.cam.ac.uk>
X-Original-To: yam@core3.amsl.com
Delivered-To: yam@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9F6C53A67E3 for <yam@core3.amsl.com>; Mon, 18 Jan 2010 05:48:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kZ8ojJF37A-K for <yam@core3.amsl.com>; Mon, 18 Jan 2010 05:48:47 -0800 (PST)
Received: from ppsw-5.csi.cam.ac.uk (ppsw-5.csi.cam.ac.uk [131.111.8.135]) by core3.amsl.com (Postfix) with ESMTP id 864683A676A for <yam@ietf.org>; Mon, 18 Jan 2010 05:48:47 -0800 (PST)
X-Cam-AntiVirus: no malware found
X-Cam-SpamDetails: not scanned
X-Cam-ScannerInfo: http://www.cam.ac.uk/cs/email/scanner/
Received: from hermes-2.csi.cam.ac.uk ([131.111.8.54]:46601) by ppsw-5.csi.cam.ac.uk (smtp.hermes.cam.ac.uk [131.111.8.155]:25) with esmtpa (EXTERNAL:fanf2) id 1NWryE-0004un-Is (Exim 4.70) (return-path <fanf2@hermes.cam.ac.uk>); Mon, 18 Jan 2010 13:48:42 +0000
Received: from fanf2 (helo=localhost) by hermes-2.csi.cam.ac.uk (hermes.cam.ac.uk) with local-esmtp id 1NWryE-0004GH-Qp (Exim 4.67) (return-path <fanf2@hermes.cam.ac.uk>); Mon, 18 Jan 2010 13:48:42 +0000
Date: Mon, 18 Jan 2010 13:48:42 +0000
From: Tony Finch <dot@dotat.at>
X-X-Sender: fanf2@hermes-2.csi.cam.ac.uk
To: Arnt Gulbrandsen <arnt@gulbrandsen.priv.no>
In-Reply-To: <TGqvOaec0Cbt2mg7bqct1w.md5@lochnagar.gulbrandsen.priv.no>
Message-ID: <alpine.LSU.2.00.1001181332190.6203@hermes-2.csi.cam.ac.uk>
References: <9A584868-5961-4871-B32E-915394043727@sabahattin-gucukoglu.com> <01NIK8RBBRJK004042@mauve.mrochek.com> <NvmPpzLxQER/jAcfFP13kQ.md5@lochnagar.gulbrandsen.priv.no> <6081A14A-42E5-4139-A57D-6DF01EF86BA7@iki.fi> <TGqvOaec0Cbt2mg7bqct1w.md5@lochnagar.gulbrandsen.priv.no>
User-Agent: Alpine 2.00 (LSU 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: Tony Finch <fanf2@hermes.cam.ac.uk>
Cc: imap-protocol@u.washington.edu, yam@ietf.org
Subject: Re: [yam] [Imap-protocol] Re: draft-daboo-srv-email: POP3S/IMAPS?
X-BeenThere: yam@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Yet Another Mail working group discussion list <yam.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/yam>, <mailto:yam-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/yam>
List-Post: <mailto:yam@ietf.org>
List-Help: <mailto:yam-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/yam>, <mailto:yam-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Jan 2010 13:48:48 -0000

On Mon, 18 Jan 2010, Arnt Gulbrandsen wrote:

> Timo Sirainen writes:
>
> > 2) It's easier to enforce "SSL-only" traffic in firewall rules based on
> > ports. For example they'll keep both imap and imaps enabled, but only imaps
> > is allowed outside intranet.
>
> Yeah. But I can't remember talking to anyone who really cared about allowing
> cleartext imap inside the firewall.

I'm not sure exactly what you mean here, but I have counter examples for
two possible interpretations.

If you mean that no one in your experience is worried by unencrypted
access from local IP addresses, then we certainly are especially for
wireless users.

If you mean that no one in your experience enables unencrypted access from
local IP addresses, then I believe it's fairly common for universities to
do so to avoid having to reconfigure thousands of desktop clients. It
took us about a year to completely disable unencrypted access - we wanted
to avoid huge spikes in support load.

With the right software it's fairly easy to restrict unencrypted logins to
local wired networks.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
MODERATE OR GOOD.

v2.23.0 | Report a Bug | By Email