Steffen Kaiser wrote:
> On Thu, 9 Jul 2009, Timo Sirainen wrote:
>> That's a wrong way to think about it. imaps is a legacy port that
>> should have died years ago. You can force encrypted sessions on imap
>> port just by setting
>
> Well, I do not see it like that, moreover because the STARTTLS is not
> essentially better than IMAP-over-SSL. At least one should be able to
> submit the domain/host the client wants to connect to, in order to
> enable virtual IMAP/SMTP/... hosting.
> So, STARTTLS is just overhead without gain, well, you need one port less.

Actually, I'm coming in rather late, but I thought that was the whole
point of TLS that you could decide what certificate to present AFTER you
knew which client was connecting? This allows virtual hosting with a
different SSL cert per host (current situation is rather difficult...
I'm using a cert with multiple names on it, but this is hard to buy).
It's exciting to see TLS finally coming to http for example and we can
do virtual hosting for machines without needing gazillions of ports (on
the other hand sadly FF has broken the ability to easily use self-signed
certs, so just as the internet was about to encrypt everything rather
than go plain text, FF goes and spoils all the fun... *sigh*)
Ed W