[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Secure pop?



You don't offer any idea of scale, 15 users, 40,000?  what.  Either
way:

APOP is one answer, but Netscape never supported it.  It's a good
answer, but it only hides passwords, messages are still CT.  Not a
problem on most LANs.  They like CERTS and SSL (which is fine, but
certainly not light on the CPU).  So you COULD use IMAP with SSL in
front and setup a CA.  Not bad for a medium to large company to have in
general.  Not easy, but you're not breaking new ground.

Kerberos works just fine for qpopper and Eudora and the like as well
and is much lighter weight than SSL (aka TLS) due to the shared key
rather than the public/private key computing needs.  Kerberos also
gets you towards 'single sign on' but it takes some effort to learn
(well worth it and nice on the old resume).

Outlook express I have no idea about - I just say no.

So, imap - cpu sucker.  SSL, also CPU sucker.  APOP fast, but netscape
free.   No recs because I have no idea how much Clue you folks have or
how big the place is.

Quoting Aaron Jackson (jackson@msrce.howard.edu):
> I'm in the processes of setting up a mail server (OpenBSD) for my office.
> After I showed the people in charge how easy it is to get passwords, they
> want to stay away from pop. However, they still want to use outlook express
> and netscape to read their email.  Is there a way to make popd communicate
> through a secure channel (or even imapd for that matter)?  I see some
> commercial products have this capability, but it is a much easier sell if
> the cost is low.  Thanks for any info.
> 
> Aaron Jackson