
List:       openbsd-misc
Subject:    Re: SMTP TLS, SMTP AUTH, POP TLS -a plea
From:       van Helsing <vh () helith ! net>
Date:       2004-10-22 12:56:11
Message-ID: 20041022145611.4ab444de.vh () helith ! net

On Fri, 22 Oct 2004 13:15:02 +0200
dmartini@uni-hohenheim.de (Daniel Martini) wrote:

> Hi, 
>  
> Citing OpenBSD <openbsd@shopip.com>:   
> > Likewise, SMTP AUTH and TLS (i.e. STARTTLS) should be configured   
> > out-of-the box too.   
>    
> I can't speak for the developers, but probably reasons for not doing
> this are:
> - SMTP AUTH requires sasl, which is not in the base system (at least
>   for 3.5. Perhaps someone else can give us a clue, if there's a
>   probability that this might change).
> - Enabling STARTTLS requires setting up keys and certificates for
>   openssl.
>   Doing this during install time adds to the installer and makes
>   installs more complicated.

Doesn't SSH create keys too during the 1st boot?
So why shouldn't OpenSSL be able to do the same for SMTP?
And what about Apache and std self-signed certs, which could be created
at the 1st boot like SSH certs?

> - Anyways, sendmail in the default install is configured to only
>   accept local connections. So what do you want to gain by using
>   cryptography in this case?
>  
> While I agree with you, that having these things is nice, I am not so 
> sure (for above mentioned reasons), if it makes sense to enable this 
> by default. 
>  
> Regards, 
> Daniel 

Btw: What about the FTPd OpenBSD provides? No SSL option (even I use
sftp)... but with FTP I'm able to provide a chrooted HOME for users and
with SFTP I'm still not able to do that and Theo won't include any
chroot-solution in the SSH-Source.
Stunnel is NO real solution....

And let's talk about X and the nice port 6000...
Tell me 100 ppl. who need an open port 6000 in their std-config so
that it is required in the default installation for all users.

And disable the crap in the std-inetd if you wanna improve something....
Just improving 2 services isn't enough....


vh

p.s.
Somebody told me NetBSD has no open port for X.... maybe a nice
improvement somebody can include in oBSD?

[demime 0.98d removed an attachment of type application/pgp-signature]
