[JDEV] Re: SASL, deployment and coding
David Waite
mass at akuma.org
Tue Feb 4 19:05:22 CST 2003
Matthew Beacher wrote:
> David Waite wrote:
>
>> I do not want to use transport encryption, because
>> 1) it does not provide any solid security because of existing
>> non-encrypted connections, and because you cannot guarantee trust of
>> the remote endpoint across hops (in real-world terms, "a friend of a
>> friend of a friend once told me about this guy" should not have the
>> same amount of trust as actually knowing the person being talked
>> about directly.)
>> 2) it is impractical for many embedded applications.
>> 3) it puts unnecessary load on the server
>>
>> -David Waite
>
> The use of Transport Encryption is not up to the server; if a
> Transport Encryption is negotiated during SASL, you must use it, if
> it is negotiated. This is according to Cyrus SASL docs.
I don't believe I said otherwise.
-David Waite