List: openbsd-misc
Subject: Re: SMTP TLS, SMTP AUTH, POP TLS -a plea
From: van Helsing <vh () helith ! net>
Date: 2004-10-22 12:56:11
Message-ID: 20041022145611.4ab444de.vh () helith ! net
On Fri, 22 Oct 2004 13:15:02 +0200
dmartini@uni-hohenheim.de (Daniel Martini) wrote:
> Hi,
>
> Citing OpenBSD <openbsd@shopip.com>:
> > Likewise, SMTP AUTH and TLS (i.e. STARTTLS) should be configured
> > out-of-the box too.
>
> I can't speak for the developers, but probably reasons for not doing
> this are:
> - SMTP AUTH requires sasl, which is not in the base system (at least
>   for 3.5. Perhaps someone else can give us a clue, if there's a
>   probability that this might change).
> - Enabling STARTTLS requires setting up keys and certificates for
>   openssl.
>   Doing this during install time adds to the installer and makes
>   installs more complicated.
Doesn't SSH create keys too during the 1st boot?
So why shouldn't openSSL be able to do the same for SMTP?
And what's about Apache and std-self-signed certs which could be created
in the 1st-boot like SSH-Certs?
> - Anyways, sendmail in the default install is configured to only
>   accept local connections. So what do you want to gain by using
>   cryptography in this case?
>
> While I agree with you, that having these things is nice, I am not so
> sure (for above mentioned reasons), if it makes sense to enable this
> by default.
>
> Regards,
> Daniel
Btw: What's about the FTPd OpenBSD provides? No SSL option (even I use
sftp)... but with FTP I'm able to provide a chrooted HOME for users and
with SFTP I'm still not able to do that and Theo won't include any
chroot-solution in the SSH-Source.
Stunnel is NO real solution....
And let's talk about X and the nice port 6000...
Tell me 100 ppl. who need an open port 6000 in their std-config so
that it is required in the default installation for all users.
And disable the crap in the std-inetd if you wanna improve something....
Just improving 2 services isn't enough....
vh
p.s.
Somebody told me NetBSD has no open port for X.... maybe a nice
improvement somebody can include in oBSD?
[demime 0.98d removed an attachment of type application/pgp-signature]