Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Delivering mail to folders

Edward Ned Harvey (blu) wrote:
>David Kramer wrote:
>> ...would it be reasonable and possible to use a self-signed cert for starters...
> Ever-so-slightly better than no encryption.

Huh? We're talking about using a self-signed cert for IMAP access, right?

Self-signed certs have all the same cryptographic benefits as a CA
signed cert, including having your client validate the cert, if you
install your own root cert on your clients.

The only down-side to self-signed certs is the inconvenience of having
to install the root certs on your clients. This is why they aren't used
for public web sites.

Even without installing a root cert, many clients will warn you about
the invalid cert, and if you agree to connect anyway, they give an
option to let you store the exception. If implemented correctly, the
client will warn again if the cert fingerprint changes, raising the bar
(but not preventing) a MITM attack.


Tom Metro
The Perl Shop, Newton, MA, USA
"Predictable On-demand Perl Consulting."

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /