On Fri, 2004-05-28 at 10:04, David Phillips wrote:
> Bret Baptist writes:
> > To do SSL with IMAP and POP3 you need to use stunnel right now.
>
> That's actually an advantage. Why build SSL support into every program when
> it can be handled by a single program? Separation is good both from an
> engineering and security standpoint.

Because then your daemon only sees connections coming in from localhost, buggering any kind of logging or access control based on IP or source port.

Now it would be trivial to just have stunnel output the IP and source port upon connecting to the wrapped daemon and patch the daemon to use this information...

... But, SSL is on the way out anyway. TLS is preferred these days and that can't be implemented by a wrapper.

I think partly the reason more OS software doesn't support SSL/TLS is that OpenSSL has been the only SSL library around for a while, which has license problems with GPL software, preventing more widespread use. Hopefully this will change now that gnutls is apparently usable, there's also mozilla-nss...

But I think the REAL reason is SSL/TLS is "too hard" to implement. Clearly there needs to be a simplified library interface to allow basic encryption to be easily implemented... Is there any really good reason a TLS library can't be implemented with an API not much more complex than plain old sockets?

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list
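
Added example, not part of the original post: a sketch of the daemon-side half of the idea above, where the wrapper announces the real client IP and source port and the wrapped daemon uses it for logging and access control. It assumes the wrapper prepends one HAProxy PROXY protocol v1 line (a convention the post does not mention); the names parse_proxy_v1, client_for_logging and trusted_wrappers are hypothetical.

```python
import ipaddress

MAX_V1_HEADER = 107  # longest valid PROXY v1 line, CRLF included

def parse_proxy_v1(line: bytes):
    """Return (src_ip, src_port) from a PROXY v1 line, or None for UNKNOWN."""
    if len(line) > MAX_V1_HEADER or not line.endswith(b"\r\n"):
        raise ValueError("not a complete PROXY v1 line")
    try:
        fields = line[:-2].decode("ascii").split(" ")
    except UnicodeDecodeError:
        raise ValueError("non-ASCII PROXY header") from None
    if fields[0] != "PROXY":
        raise ValueError("missing PROXY signature")
    if fields[1:2] == ["UNKNOWN"]:
        return None  # wrapper could not determine the client address
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 line")
    family = 4 if fields[1] == "TCP4" else 6
    src = ipaddress.ip_address(fields[2])  # raises ValueError on junk
    dst = ipaddress.ip_address(fields[3])
    if src.version != family or dst.version != family:
        raise ValueError("address family mismatch")
    if not (fields[4].isdigit() and fields[5].isdigit()):
        raise ValueError("non-numeric port")
    sport, dport = int(fields[4]), int(fields[5])
    if sport > 65535 or dport > 65535:
        raise ValueError("port out of range")
    return str(src), sport

def client_for_logging(peer, first_line, trusted_wrappers=("127.0.0.1", "::1")):
    """Pick the address the daemon should log and apply ACLs to."""
    peer_ip, peer_port = peer
    if peer_ip not in trusted_wrappers:
        # Direct connection: a PROXY line here is client-supplied, so
        # honouring it would let anyone forge their logged address.
        if first_line.startswith(b"PROXY "):
            raise PermissionError("PROXY header from untrusted peer")
        return peer_ip, peer_port
    parsed = parse_proxy_v1(first_line)  # fail closed on a malformed line
    return parsed if parsed is not None else (peer_ip, peer_port)

if __name__ == "__main__":
    # Constructed sample: wrapper on localhost relaying a documentation-range client.
    sample = b"PROXY TCP4 203.0.113.7 192.0.2.10 51234 993\r\n"
    print(client_for_logging(("127.0.0.1", 40112), sample))
```

The header is honoured only when the TCP peer is the wrapper itself, so the daemon's plaintext port still has to be bound to localhost or firewalled for the logged address to mean anything.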