From owner-freebsd-arch Fri Jul 12 21:57: 9 2002 Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EAB9937B400 for ; Fri, 12 Jul 2002 21:57:06 -0700 (PDT) Received: from ussenterprise.ufp.org (ussenterprise.ufp.org [208.185.30.210]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4BD2443E31 for ; Fri, 12 Jul 2002 21:57:06 -0700 (PDT) (envelope-from bicknell@ussenterprise.ufp.org) Received: (from bicknell@localhost) by ussenterprise.ufp.org (8.11.1/8.11.1) id g6D4v4949537; Sat, 13 Jul 2002 00:57:05 -0400 (EDT) (envelope-from bicknell) Date: Sat, 13 Jul 2002 00:57:04 -0400 From: Leo Bicknell To: Terry Lambert Cc: freebsd-arch@freebsd.org, louie@TransSys.COM, listsub@rambo.simx.org, leifn@neland.dk Subject: Re: Mail subsystem defaults, adding authentication. Message-ID: <20020713045704.GA49379@ussenterprise.ufp.org> References: <20020713034725.GB47677@ussenterprise.ufp.org> <3D2FAFB2.E2E9CF36@mindspring.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3D2FAFB2.E2E9CF36@mindspring.com> Organization: United Federation of Planets Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In a message written on Fri, Jul 12, 2002 at 09:42:26PM -0700, Terry Lambert wrote: > You are almost better off simply using SMTP over SSL, and > permitting connections only to certificated clients, at which > point you can just sign the client certificates and be done > with it, without using the "SMTP AUTH" approach at all. I want to address this specifically. I have personally been involved with a half dozen situations where SMTP AUTH against the password file was desired. In most, certificates were also investigated. They were rejected for one or more of the following reasons: 1) There was no certificate management system already in place, and creating one just for e-mail was "too expensive". 2) Management wanted centrally revokable credentials, which generally means kerberos (although there are other methods for login access). While hooking that to certificates is possible, it is not the default in anything, so it's additional work on top of 1. 3) Configuring trusted credentials in the client software was non-trival for "regular" end users. 4) Users are used to authenticating with a "password", and preserving that model is a good thing. I don't suggest that any or all of them are good ideas, but simply that from my point of view everyone insists on passwords as the (only) mechanism. Today, most people I know are using ssh to port foward 25 + 110/143/220. ssh uses passwords, "localhost" can be trusted. This works. I want to make this go away, in the default install if at all possible. imap/ssl solves the mail download issue, so the only issue I see is how to you securely send mail, without compromising passwords, using protocols supported today by the majority of e-mail clients. SMTP AUTH, requiring SSL as I outlined before, is the only solution I have ever found. -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message