[prev in list] [next in list] [prev in thread] [next in thread] 

List:       c-client
Subject:    Re: Status of TLS/SSL support for IMAP server?
From:       Till_Dörges <td () pre-secure ! de>
Date:       2004-01-14 18:18:43
Message-ID: 40058803.8020300 () pre-secure ! de
[Download RAW message or body]

Hi,

thanks for the quick answer. :-)

Mark Crispin wrote:

> UW imapd supports server certificates, and the UW c-client client code
[...]

> supports CA certificate validation of the server certificate.
> UW imapd does not validate client certificates; but I do not know of any
> IMAP client that supports client certificates so it doesn't matter.

The Courier imapd supports client certificates. It's even possible to
insist on a valid client certificate. The certificate, however, can't be
used to authenticate a client (at least not to the very best of my
knowledge.)

The situation seems similar for the Cyrus imapd. I haven't tested it though.

> IMAP clients authenticate to the IMAP server using SASL.

I know, but if the users already have a valid certificate, they might
use it for authentication as well. This saves one set of credentials
(login + password for imap) to be taken care of.

Bye -- Till
-- 
Dipl.-Inform. Till Dörges                  PRESECURE (R)
Researcher                               Consulting GmbH
Phone: +49 (0)700 / PRESECURE           td@pre-secure.de

               Treffen Sie uns auf dem DFN-CERT Workshop
                  http://www.dfn-cert.de/events/ws/2004/
                         3. und 4. Februar 2004, Hamburg


[prev in list] [next in list] [prev in thread] [next in thread]