Date: Tue, 13 Jun 2000 21:17:35 +0200 From: Roelof Osinga <roelof@nisser.com> To: Tara Vitori <tara@exit1.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: FreeBSD security Message-ID: <394688CF.99BD58F5@nisser.com> References: <39452BA4.D77A1E55@exit1.com> <394555F6.1C174377@nisser.com> <394643E0.39D8C59E@exit1.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Tara Vitori wrote: > > Wouldn't this require every client box to have ssl installed on it? > Tara > > Roelof Osinga wrote: > > > Use one of the SSL wrappers in ports/security to map the POP3 > > to the POP3S port. There should be an example or two in the > > mail archives. Depends on the client you'll be using as well as, for UNIX, the way you'll be installing them. I can imagine, say, a Linux Netscape binary to have the libs statically linked. Whereas I would imagine that where you to build, say, pine4-ssl from the ports it would depend on some SSL port. Thus installing SSL during the build. Another solution would be to use SSH and run the clients on the server. But that would necessitate installing SSH on al the clients. Seemingly. For example, I use PuTTY as my windows telnet client and it has SSH linked in. Does that count as an install? Anyway, the consequence of foregoing cleartext passwords send out over the Net is that at some point some form of encryption will need to take place. Well, that or some challenge/response type secret handshake thing like APOP (see also RFC 2095). It's not like the client needs all of SSLeay, as long as it can handle encryption it'll work. There's no need to hassle with security certificates and stuff. Take surfing to a secure site. Just because you can use a client certificate does noet mean you must use one. It'll be encrypted as long as the server has some kind of certificate. Preferably one that's acceptable to the client <g>. The above of course implies that if your client machines also have browser installed and if those browsers handle secure connections than you've already installed SSL on those boxes. Roelof -- ----------------------------------------------------------------------- Eboa (ingenieursburo Office Automation) web. http://eboa.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?394688CF.99BD58F5>