Re: [yam] [Imap-protocol] Re: draft-daboo-srv-email: POP3S/IMAPS?

Ned Freed <ned.freed@mrochek.com> Mon, 18 January 2010 17:53 UTC

Date: Mon, 18 Jan 2010 09:44:27 -0800
From: Ned Freed <ned.freed@mrochek.com>
To: Arnt Gulbrandsen <arnt@gulbrandsen.priv.no>
Cc: imap-protocol@u.washington.edu, yam@ietf.org
Subject: Re: [yam] [Imap-protocol] Re: draft-daboo-srv-email: POP3S/IMAPS?
List-Id: Yet Another Mail working group discussion list <yam.ietf.org>

> Timo Sirainen writes:
> > Such a setting doesn't help.

> Such a setting is necessary, not sufficient.

> > Dovecot has had one since the beginning and people still configure it
> > to give only imaps/pop3s access. I think there are two big reasons
> > for this:
> >
> > 1) Clients are stupid and issue plaintext LOGIN command even if
> > LOGINDISABLED is advertised. So with such clients it's easy to
> > accidentally expose username and password.

> Good point.

> > 2) It's easier to enforce "SSL-only" traffic in firewall rules based
> > on ports. For example they'll keep both imap and imaps enabled, but
> > only imaps is allowed outside intranet.

> Yeah. But I can't remember talking to anyone who really cared about
> allowing cleartext imap inside the firewall.

Sites are all over the map on this. Some have no problem with cleartext
everything inside the firewall while others have mandates that require
a security layer on literally every protocol and every connection.

Then there's the whole wireless thing - sites often have very different
policies for wired versus wireless and all sorts of different arrangements are
used.

				Ned
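
Added example, not part of the original message or of any server discussed in the thread: a small check for the failure mode in point 1, run over an IMAP session transcript to flag LOGIN commands sent before TLS is active and to note whether the server had advertised LOGINDISABLED. The "C: "/"S: " transcript format, the function name and the sample sessions are assumptions constructed for illustration.

```python
import re

# Capability list as it appears in "* CAPABILITY ..." or "* OK [CAPABILITY ...]".
CAP_RE = re.compile(r"\bCAPABILITY\b([^\]\r\n]*)", re.IGNORECASE)

def find_plaintext_logins(transcript):
    """Return (tag, user, logindisabled_advertised) for each pre-TLS LOGIN."""
    tls = False          # True once the server has accepted STARTTLS
    caps = set()         # capabilities most recently advertised by the server
    starttls_tag = None  # tag of an outstanding STARTTLS command
    findings = []
    for line in transcript:
        side, _, text = line.partition(": ")
        parts = text.split()
        if not parts:
            continue
        if side == "S":
            if parts[0] == "*":
                m = CAP_RE.search(text)
                if m:
                    caps = {c.upper() for c in m.group(1).split()}
            elif starttls_tag and parts[0] == starttls_tag:
                if len(parts) > 1 and parts[1].upper() == "OK":
                    tls = True
                    caps = set()  # pre-TLS capabilities must be discarded
                starttls_tag = None
        elif side == "C" and len(parts) >= 2:
            cmd = parts[1].upper()
            if cmd == "STARTTLS":
                starttls_tag = parts[0]
            elif cmd == "LOGIN" and not tls:
                # Record the username only; the password is never stored.
                user = parts[2].strip('"') if len(parts) > 2 else ""
                findings.append((parts[0], user, "LOGINDISABLED" in caps))
    return findings

# Constructed sample sessions (not real traffic).
GREETING = "S: * OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready"
IGNORES_LOGINDISABLED = [GREETING,
                         "C: a1 LOGIN alice example-password",
                         "S: a1 NO LOGIN rejected"]
HONOURS_LOGINDISABLED = [GREETING,
                         "C: a1 STARTTLS",
                         "S: a1 OK Begin TLS negotiation now",
                         "C: a2 LOGIN alice example-password",
                         "S: a2 OK LOGIN completed"]

if __name__ == "__main__":
    print(find_plaintext_logins(IGNORES_LOGINDISABLED))
    print(find_plaintext_logins(HONOURS_LOGINDISABLED))
```

In the first session the credentials have already crossed the wire in cleartext by the time the server rejects the command, which is why the server-side setting alone does not protect such clients.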