
Re: wish list



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>>>> "John" == John  <john@fiend.securesys.com.au> writes:

John> I believe there's a standard around the place for SSL'ed SMTP.

Yes.  That would be rfc2487. The canonical location is:

    <ftp://ftp.isi.edu/in-notes/rfc2487.txt>.

The basic idea is to start a session as normal and then issue the
STARTTLS command (STARTTLS is mentioned in the EHLO reply of any
server that supports it).  At that point the TLS info is negotiated
and the rest of the connection is secured.

In typical usage, the server's initial announcement, the EHLO and its
reply and the STARTTLS and its reply (and the TLS negotiation, of
course) will be plaintext; everything else encrypted.

Note that one of the big advantages of this is that it allows the
server to auth and authz clients for such things as relaying.  Also
note that any server advertized via an MX record MUST NOT require TLS.

- -JimC
- -- 
James H. Cloos, Jr.  <http://www.jhcloos.com/cloos/public_key> 1024D/ED7DAEA6 
<cloos@jhcloos.com>     E9E9 F828 61A4 6EA9 0F2B  63E7 997A 9F17 ED7D AEA6

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.7 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE3W7qXmXqfF+19rqYRAgi5AKC34Q4yG0HZI0o91WAP0oe3QTgRbQCfc6/b
AdMI4oJPyMSXDFuiTq+Wz5o=
=WdHf
-----END PGP SIGNATURE-----
-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/
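
The plaintext/encrypted split described in the message above, as an added example that is not part of the original post: it reads a session transcript, parses the multi-line EHLO reply for the STARTTLS keyword, and separates the lines sent in the clear from those sent after TLS takes over. The transcript, host names and function names are constructed for illustration, and the TLS handshake itself is not modeled.

```python
import re

# Constructed sample session (not from the original post); "C:"/"S:" mark the sender.
SAMPLE_SESSION = """\
S: 220 mail.example.org ESMTP
C: EHLO client.example.net
S: 250-mail.example.org
S: 250-8BITMIME
S: 250-STARTTLS
S: 250 HELP
C: STARTTLS
S: 220 Go ahead
C: EHLO client.example.net
S: 250-mail.example.org
S: 250 AUTH PLAIN
C: MAIL FROM:<a@example.net>
S: 250 OK
"""
REPLY = re.compile(r"^(\d{3})([ -])(.*)$")  # code, continuation flag, text

def ehlo_extensions(reply_lines):
    """Extension keywords from a complete (possibly multi-line) EHLO reply."""
    exts = set()
    for line in reply_lines[1:]:  # the first line only carries the server's greeting
        m = REPLY.match(line)
        if m and m.group(1) == "250" and m.group(3).split():
            exts.add(m.group(3).split()[0].upper())
    return exts

def split_session(transcript):
    """Return (plaintext, protected, offered): lines sent before and after TLS
    takes over, and whether the plaintext EHLO reply listed STARTTLS."""
    plaintext, protected, offered = [], [], False
    ehlo_reply, state = None, "plain"  # plain -> requested -> tls
    for raw in filter(str.strip, transcript.splitlines()):
        sender, text = raw[0], raw[3:]
        if state == "tls":
            protected.append(raw)
            continue
        plaintext.append(raw)
        if sender == "C":
            verb = text.split()[0].upper()
            ehlo_reply = [] if verb == "EHLO" else None
            if verb == "STARTTLS":
                state = "requested"
        elif state == "requested":  # a 220 reply means the TLS handshake follows
            state = "tls" if text.startswith("220") else "plain"
        elif ehlo_reply is not None:
            ehlo_reply.append(text)
            if text[3:4] == " ":  # a space after the code marks the last reply line
                offered = offered or "STARTTLS" in ehlo_extensions(ehlo_reply)
                ehlo_reply = None
    return plaintext, protected, offered
```

Because the EHLO reply that advertises STARTTLS travels in the clear, a session whose `offered` flag is false and whose `protected` list is empty is worth logging on the client side.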