Date: Sat, 13 Jul 2002 00:57:04 -0400 From: Leo Bicknell <bicknell@ufp.org> To: Terry Lambert <tlambert2@mindspring.com> Cc: freebsd-arch@freebsd.org, louie@TransSys.COM, listsub@rambo.simx.org, leifn@neland.dk Subject: Re: Mail subsystem defaults, adding authentication. Message-ID: <20020713045704.GA49379@ussenterprise.ufp.org> In-Reply-To: <3D2FAFB2.E2E9CF36@mindspring.com> References: <20020713034725.GB47677@ussenterprise.ufp.org> <3D2FAFB2.E2E9CF36@mindspring.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In a message written on Fri, Jul 12, 2002 at 09:42:26PM -0700, Terry Lambert wrote:
> You are almost better off simply using SMTP over SSL, and
> permitting connections only to certificated clients, at which
> point you can just sign the client certificates and be done
> with it, without using the "SMTP AUTH" approach at all.
I want to address this specifically.
I have personally been involved with a half dozen situations where
SMTP AUTH against the password file was desired. In most, certificates
were also investigated. They were rejected for one or more of the
following reasons:
1) There was no certificate management system already in place,
and creating one just for e-mail was "too expensive".
2) Management wanted centrally revokable credentials, which generally
means kerberos (although there are other methods for login
access). While hooking that to certificates is possible, it is
not the default in anything, so it's additional work on top of
1.
3) Configuring trusted credentials in the client software was non-trival
for "regular" end users.
4) Users are used to authenticating with a "password", and preserving
that model is a good thing.
I don't suggest that any or all of them are good ideas, but simply
that from my point of view everyone insists on passwords as the
(only) mechanism.
Today, most people I know are using ssh to port foward 25 +
110/143/220. ssh uses passwords, "localhost" can be trusted. This
works. I want to make this go away, in the default install if at
all possible. imap/ssl solves the mail download issue, so the only
issue I see is how to you securely send mail, without compromising
passwords, using protocols supported today by the majority of e-mail
clients. SMTP AUTH, requiring SSL as I outlined before, is the only
solution I have ever found.
--
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020713045704.GA49379>