[Dev] IMAP and SMTP accounts defined in external parcel

Brian Kirsch bkirsch at osafoundation.org
Tue Mar 29 11:13:53 PST 2005


Well said Grant.
I sent this message out earlier today but forgot to CC the dev list:
The change was made to allow IMAP and SMTP accounts to connect either 
via a direct SSL connection or via a STARTTLS command. The STARTTLS 
command is issued on an unsecure connection by the client to begin a 
secure transaction.

OSAF, for example, has two ways to send SMTP mail: via port 25 with a 
STARTTLS command and via port 465 with a direct SSL connection.

Some mail servers, including OSAF's IMAP server, don't support 
STARTTLS but allow an SSL connection on an alternative port, so 
flexibility is the key.

At some point Chandler will be able to automatically discover a user's 
connection type. But for now this is a manual process.






Brian Kirsch - Email Framework Engineer
Open Source Applications Foundation
543 Howard St. 5th Floor
San Francisco, CA 94105
(415) 946-3056
http://www.osafoundation.org



Grant Baillie wrote:

>
> On Mar 28, 2005, at 11:38 PM, Morgen Sagen wrote:
>
>> I believe for SMTP you can now set connectionSecurity to "TLS", but 
>> not yet for IMAP.  Brian can correct me, and elaborate on what TLS 
>> is, perhaps.
>
>
> In Brian K's absence, I can elaborate...
>
> [1] In the case we're calling "SSL", the client connects to the 
> SMTP/IMAP server (usually on port 465 for SMTP, 993 for IMAP), and 
> immediately starts an SSL handshake.
>
> [2] For "TLS", the client starts a normal SMTP/IMAP connection on the 
> standard port, queries the server as to whether it supports SSL, and 
> then begins an SSL handshake if it does.
>
> FWIW, the thing people think of as "SSL" comes in four different 
> versions. In the fourth of these, it was decided that "Transport Layer 
> Security" was a more accurate term than "Secure Sockets Layer". So, in 
> a way, TLS version 1 == SSL version 4.
>
> While I'm rambling on on this topic, the use of port 465 for SMTP + 
> SSL is controversial. There was an outcry from the ISP community about 
> trying to assign 465 as "smtps", because if you think about it, SSL 
> offers no extra security against spamming. (So, ISPs who think it's a 
> good idea to block outgoing port 25 would also have to block port 
> 465). The registration of 465 was actually withdrawn at some point: if 
> you look at
>
> http://www.iana.org/assignments/port-numbers
>
> you'll see
>
> urd             465/tcp    URL Rendesvous(sic) Directory for SSM
>
>
> Also, in general, the IETF is trying to get people to move away from 
> option [1] above, in favour of [2]. At the very least, it makes 
> writing smarter, self-configuring clients easier.
>
> --Grant
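The two connection modes described above as [1] and [2], as an added example that is not Chandler's code and not part of this thread. It assumes Python's standard-library `smtplib`; the sample server lines are constructed, and `starttls_offered` and `open_smtp` are hypothetical names. It also covers the case where a server does not advertise STARTTLS, which is treated as a failure rather than a reason to continue unencrypted.

```python
import smtplib
import ssl

# Constructed sample server responses (not captured from any real server).
SMTP_EHLO = ["250-mail.example.test", "250-SIZE 10240000", "250-STARTTLS", "250 HELP"]
SMTP_EHLO_PLAIN = ["250-mail.example.test", "250-X-NOSTARTTLS", "250 HELP"]
IMAP_CAPS = ["* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED", "a1 OK done"]

def starttls_offered(protocol, server_lines):
    """Option [2]: does the capability response advertise STARTTLS?"""
    for line in server_lines:
        words = line.upper().split()
        if protocol == "SMTP" and line[:3] == "250":
            # EHLO reply lines look like "250-KEYWORD params" / "250 KEYWORD".
            if line[4:].upper().split(" ")[0] == "STARTTLS":
                return True
        elif protocol == "IMAP" and words[:2] == ["*", "CAPABILITY"]:
            if "STARTTLS" in words[2:]:
                return True
    return False

def open_smtp(host, port, security):
    """Connect per a connectionSecurity value of "SSL" or "TLS"."""
    if security not in ("SSL", "TLS"):
        raise ValueError("unknown connectionSecurity: %r" % security)
    ctx = ssl.create_default_context()   # verifies certificate and host name
    if security == "SSL":                # [1] handshake right after connect
        return smtplib.SMTP_SSL(host, port, context=ctx)
    conn = smtplib.SMTP(host, port)      # [2] plain connection first
    conn.ehlo()
    if not conn.has_extn("starttls"):
        # Fail closed: a missing STARTTLS line must not mean plaintext mail.
        conn.close()
        raise RuntimeError("server did not offer STARTTLS")
    conn.starttls(context=ctx)
    conn.ehlo()                          # re-read capabilities over TLS
    return conn
```

`imaplib` offers the same two paths for IMAP through `IMAP4_SSL` and `IMAP4.starttls`.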


