Mark Crispin wrote:
> On Thu, 3 Nov 2005, Max Waterman wrote:
>> 1) propose a new RFC to split the username/password, which can then be
>> implemented
>
> The chances of such a document being accepted for publication as an RFC,
> much less being implemented, are about as close to nil as you can get
> without being completely impossible.
Indeed. I wasn't suggesting it was a realistic option.
>
>> 2) use a separate servers for secure and insecure users (I suppose a
>> second NIC would suffice?)
>
> That is more likely. You could use a different port number instead of a
> separate IP address.
Well, no. That is the problem really. Port numbers are just too easy to
get wrong.
>
> I question the need to use a client which does not negotiate SSL or TLS.
> All modern IMAP clients support SSL and/or TLS, and have done so for years.
Indeed, but, again, this is the problem. It is just too easy to get wrong.
I am trying to *ensure* that my users *always* have a secure connection.
This isn't so difficult, and, in fact, this is what we have. However,
other users of the system (it's a 3rd party running it), don't want to
use SSL/TLS, and so the standard ports are still open and will allow
authentication attempts. Thus, my users, if, by mistake, configure their
email clients to use the standard ports, will transmit their username
and password in clear text and so anyone snooping could intercept it and
use it to access the email server themselves.
It seems that the only solution is to have a completely separate server
which only allows authentication after SSL/TLS has been set up.
Or, perhaps, all that is needed is separate server processes running on
a separate NIC?
...or am I missing something.
Max.
>
> -- Mark --
>
> http://panda.com/mrc
> Democracy is two wolves and a sheep deciding what to eat for lunch.
> Liberty is a well-armed sheep contesting the vote.