Date: Fri, 4 Dec 1998 10:18:17 -0700 From: Lyndon Nerenberg <lyndon@execmail.com> To: robert+freebsd@cyrus.watson.org Cc: robert@cyrus.watson.org, andrew@squiz.co.nz, security@FreeBSD.ORG Subject: Re: IMAP (was Re: mail.local) Message-ID: <199812041718.KAA02852@rembrandt.esys.ca> In-Reply-To: <Pine.BSF.3.96.981204103543.19902A-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 4 Dec, Robert Watson wrote: > > I personally like the CMU Cyrus server, but it's not designed to be a drop > in replacement for an existing UNIX-style mail system; Well, with all due respect to /var/mail/$user, it's about time to put that old war-horse out to pasture. (How many people read usenet out of /var/spool/news these days?) Some people complain that IMAP is complex. Ever looked at the part of the POSIX standard that describes the format of "system mailboxes?" Ugh :-P Writing the IMAP server to deal with this out isn't going to be a trivial task. Nor is it insurmountable. There's a lot of freely available code that can be used as the base. And there's no shortage of mail clients out there these days. Given the number of security issues that have revolved around UNIX mail in the past, the effort we put into creating a well-designed message store will pay off in spades down the road. Now, I shouldn't have to say this here, but ... don't confuse IMAP *implementations* with the IMAP protocol. Yes, there are some horrible IMAP servers out there. I like them less that you, because every time they screw up and get in the press, I have to do damage control to convince people that *our* server isn't affected by any of it ... IMAP isn't simple to do. Many good things aren't. We, at least, should have the talent pool to do this right, n'est-ce pas? Of course POP3 is an alternative, if all you want is a simple maildrop protocol. POP3 will also shortly support SASL security mechanisms, so it's capable of being as secure as IMAP. It would be a shame to lose all the functionality that IMAP provides, though. As I mentioned previously, I'm in a bad position to contribute code. I do, however, have quite a bit of experience designing and implementing this stuff, and I'm willing to contribute whatever I can to the engineering of a new mailstore. If it works, great! If it doesn't, at least we know. Who's willing to put up? (And where do we move the discussion? This isn't really about -security any more.) --lyndon -- Finger lyndon@execmail.com for PGP key. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199812041718.KAA02852>