From: Lutz Jaenicke (Lutz.Jaenickeaet.TU-Cottbus.DE)
Date: Tue Apr 02 2002 - 11:20:35 CST


    On Tue, Apr 02, 2002 at 05:18:24AM -0800, p dont think wrote:
    > 2) lots of talk about certificates... but I am
    > only interested in securing the transmission of
    > my users' passwords with SSL, after which SASL will
    > do what authentication I require. It is beginning
    > to appear that I am mistaken in thinking that I can
    > accomplish this with just public/private keys and
    > no certificates - the same as I now do with my SSH
    > connections to and from my machine.
    > Can someone explain the need for certificates
    > and how I will be able to disperse them to my users
    > (and if the use of certificates can be avoided in
    > favor of just SSL)????

    The TLS protocol does rely on X.509 based PKI for authentication,
    most SSH implementations rely on /etc/ssh/ssh_known_hosts
    (even though X.509 recently received increasing interest for SSH, too).

    If you are satisfied with the SSH-style security, you can use self-signed
    signatures and collect them in the appropriate CAfile.

    > 3) I am hoping that the TLS diff file will still
    > work with the latest 1.1.7 snapshot 20020331....
    > anyone know for sure?

    Yes, I just tried. It does not apply cleanly. The adjustments seem to
    be small and can be done easily. I will consider providing two Postfix/TLS
    branches in parallel (one for the stable series and one for the snapshot
    series) when the demand becomes large enough. My time is currently however
    very limited so I will stay with one patch for the stable series for the
    time being.
    The patch 0.8.7 applies cleanly to Postfix-1.1.7 (stable).

    Best regards,
            Lutz

    -- 
    Lutz Jaenicke                             Lutz.Jaenickeaet.TU-Cottbus.DE
    http://www.aet.TU-Cottbus.DE/personen/jaenicke/
    BTU Cottbus, Allgemeine Elektrotechnik
    Universitaetsplatz 3-4, D-03044 Cottbus
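The SSH-style approach described in the reply above, sketched with the `openssl` command line as an added example that is not part of the original message: a self-signed certificate is collected into a CAfile after its fingerprint has been checked, and a certificate that was never collected is rejected. The host names and file names are constructed placeholders.

```sh
#!/bin/sh
# Added example. Host names and file names below are constructed placeholders.

# Create a self-signed certificate and key for host $1 in directory $2.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$1" -keyout "$2/$1.key" -out "$2/$1.crt" 2>/dev/null
}

# Print the SHA-256 fingerprint of certificate $1. Compare it out of band
# before trusting the certificate, as you would an SSH host key.
fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$1"
}

# Succeed only if certificate $2 verifies against the trust anchors in CAfile $1.
trusts() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

demo() {
    work=$(mktemp -d) || return 1
    make_self_signed mail.example.test "$work" || return 1
    make_self_signed unlisted.example.test "$work" || return 1

    fingerprint "$work/mail.example.test.crt"
    # Collect only the certificate whose fingerprint was checked.
    cat "$work/mail.example.test.crt" > "$work/CAfile.pem"

    for host in mail.example.test unlisted.example.test; do
        if trusts "$work/CAfile.pem" "$work/$host.crt"; then
            echo "$host: trusted"
        else
            echo "$host: rejected (not in CAfile)"
        fi
    done
    rm -rf "$work"
}

demo
```

Only the `.crt` files go into the CAfile that is handed to users; each `.key` file stays on the server it belongs to.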