[Dev] IMAP and SMTP accounts defined in external parcel

Grant Baillie grant at osafoundation.org
Tue Mar 29 10:16:30 PST 2005


On Mar 28, 2005, at 11:38 PM, Morgen Sagen wrote:

> I believe for SMTP you can now set connectionSecurity to "TLS", but 
> not yet for IMAP.  Brian can correct me, and elaborate on what TLS is, 
> perhaps.

In Brian K's absence, I can elaborate...

[1] In the case we're calling "SSL", the client connects to the 
SMTP/IMAP server (usually on port 465 for SMTP, 993 for IMAP), and 
immediately starts an SSL handshake.

[2] For "TLS", the client starts a normal SMTP/IMAP connection on the 
standard port, queries the server as to whether it supports SSL, and 
then begins an SSL handshake if it does.

FWIW, the thing people think of as "SSL" comes in four different 
versions. In the fourth of these, it was decided that "Transport Layer 
Security" was a more accurate term than "Secure Sockets Layer". So, in 
a way, TLS version 1 == SSL version 4.

While I'm rambling on on this topic, the use of port 465 for SMTP + SSL 
is controversial. There was an outcry from the ISP community about 
trying to assign 465 as "smtps", because if you think about it, SSL 
offers no extra security against spamming. (So, ISPs who think it's a 
good idea to block outgoing port 25 would also have to block port 465). 
The registration of 465 was actually withdrawn at some point: if you 
look at

http://www.iana.org/assignments/port-numbers

you'll see

urd             465/tcp    URL Rendesvous(sic) Directory for SSM


Also, in general, the IETF is trying to get people to move away from 
option [1] above, in favour of [2]. At the very least, it makes writing 
smarter, self-configuring clients easier.

--Grant
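
Added example, not part of the original message or of the project's code: a sketch of how a client could turn the two connectionSecurity settings described above into a connection plan, checking the server's EHLO or CAPABILITY reply for STARTTLS in case [2]. The function names, step labels and sample replies are assumptions made for illustration, port 143 is the standard IMAP port, and refusing to continue when STARTTLS is not offered is a choice made in this example.

```python
import re

# Ports for case [1] ("SSL") and case [2] ("TLS") as described in the message.
PORTS = {("SMTP", "SSL"): 465, ("IMAP", "SSL"): 993,
         ("SMTP", "TLS"): 25, ("IMAP", "TLS"): 143}

# Constructed sample replies, not captured from a real server.
SMTP_EHLO = "250-mail.example.org\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 HELP\r\n"
SMTP_EHLO_PLAIN = "250-mail.example.org\r\n250 HELP\r\n"
IMAP_CAPS = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\na1 OK done\r\n"


class NoStartTLS(Exception):
    """Server did not advertise STARTTLS on the standard port."""


def offers_starttls(protocol, reply):
    """Parse an SMTP EHLO reply or an IMAP CAPABILITY response."""
    lines = reply.splitlines()
    if protocol == "SMTP":
        # Line 1 is the greeting; each later "250-KEYWORD ..." line is an extension.
        keywords = [line[4:].split()[0].upper() for line in lines[1:]
                    if re.match(r"250[- ]\S", line)]
        return "STARTTLS" in keywords
    for line in lines:
        # Untagged "* CAPABILITY ..." or a greeting "* OK [CAPABILITY ...]".
        m = re.match(r"\* (?:OK \[)?CAPABILITY ([^\]]*)", line, re.I)
        if m:
            return "STARTTLS" in m.group(1).upper().split()
    return False


def plan_connection(protocol, security, reply=""):
    """Return (port, steps) for a hypothetical client; step names are illustrative."""
    port = PORTS[(protocol, security)]
    if security == "SSL":
        # Case [1]: handshake immediately, before any SMTP/IMAP traffic.
        return port, ["tls-handshake", "protocol-session"]
    # Case [2]: plaintext first, ask the server, then upgrade.
    if not offers_starttls(protocol, reply):
        # Choice made in this example: refuse rather than continue unencrypted.
        raise NoStartTLS(f"{protocol} server on port {port} lacks STARTTLS")
    return port, ["plaintext-greeting", "capability-query", "STARTTLS",
                  "tls-handshake", "protocol-session"]
```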



