On Mon, Feb 23, 2009 at 02:18:01PM -0500, Timo Sirainen wrote:
> In some setups it's useful for authentication handling to know if the
> connection is SSL/TLS secured. The patch below should tell this to
> Dovecot. It compiles, but other than that I haven't yet tested it.
How is this useful? It seems to me that a SASL implementation should
validate the credentials and leave policy questions to the MTA. The MTA
can decide whether SASL without TLS is sufficient or not.
Also mere use of TLS says nothing about the security of the channel
in the absense of client certification verification, the server cannot
exclude MITM attackers even when a TLS session is used. I don't think
that the TLS on/off "bit" you propose is semantically sound.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
