From: p dont think (pdontthinkyahoo.com)
Date: Tue Apr 02 2002 - 16:46:01 CST

    --- Lutz Jaenicke <Lutz.Jaenickeaet.TU-Cottbus.DE> wrote:
    > On Tue, Apr 02, 2002 at 05:18:24AM -0800, p dont think wrote:
    > > 2) Lots of talk about certificates... but I am
    > > only interested in securing the transmission of
    > > my users' passwords with SSL, after which SASL will
    > > do what authentication I require. It is beginning
    > > to appear that I am mistaken in thinking that I can
    > > accomplish this with just public/private keys and
    > > no certificates - the same as I now do with my SSH
    > > connections to and from my machine.
    > > Can someone explain the need for certificates
    > > and how I will be able to disperse them to my users
    > > (and if the use of certificates can be avoided in
    > > favor of just SSL)????
    >
    > The TLS protocol does rely on X.509 based PKI for authentication,
    > most SSH implementations rely on /etc/ssh/ssh_known_hosts
    > (even though X.509 recently received increasing interest for SSH, too).
    >
    > If you are satisfied with the SSH style security, you can use self
    > signed signatures and collect them in the appropriate CAfile.

    Obviously I'm new to this (sorry!), but just to clarify, you are
    suggesting that I can sign my own certificate as outlined in your
    docs, put it in a CAfile, and (this is where I am most unclear)
    when a user first connects to postfix, they will be offered my
    certificate (once only)?

    > > 3) I am hoping that the TLS diff file will still
    > > work with the latest 1.1.7 snapshot 20020331....
    > > anyone know for sure?
    >
    > Yes, I just tried. It does not apply cleanly. The adjustments seem to
    > be small and can be done easily. I will consider providing two Postfix/TLS
    > branches in parallel (one for the stable series and one for the snapshot
    > series) when the demand becomes large enough. My time is currently however
    > very limited so I will stay with one patch for the stable series for the
    > time being.
    > The patch 0.8.7 applies cleanly to Postfix-1.1.7 (stable).

    Great, thank you!

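The SSH-style trust model discussed in this thread, as an added example that is not part of the original messages: a client accepts a self-signed certificate only when that exact certificate is present in its CAfile. The host names and file names are constructed placeholders, and the script assumes the `openssl` command-line tool is installed.

```sh
#!/bin/sh
# Added example (constructed): host names and file names are placeholders.
set -u

WORK="$(mktemp -d)"

# make_selfsigned NAME CN: create NAME.key and a self-signed NAME.pem.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# trusts CAFILE CERT: succeed only if CERT verifies against CAFILE.
trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# fingerprint CERT: SHA-256 fingerprint for out-of-band comparison,
# the counterpart of checking an SSH host key fingerprint.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

make_selfsigned server mail.example.test    # the mail server's certificate
make_selfsigned other  other.example.test   # an unrelated self-signed certificate

# Client-side CAfile holding only the server's self-signed certificate.
cat "$WORK/server.pem" > "$WORK/client-CAfile.pem"

if trusts "$WORK/client-CAfile.pem" "$WORK/server.pem"; then
    echo "server cert: trusted (present in CAfile)"
fi
if ! trusts "$WORK/client-CAfile.pem" "$WORK/other.pem"; then
    echo "other cert: rejected (not in CAfile)"
fi
fingerprint "$WORK/server.pem"
```

The CAfile has to reach each client over a channel the user already trusts, and the printed fingerprint gives users a value to compare against before they add the certificate.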