RFC 3501 (Use of CAPABILITY in IMAP4S session)

 
 
Scott Lowe

 
      05-14-2005, 11:59 PM
I'm experimenting with the use of Perdition as an IMAP4S proxy in front
of a proprietary messaging system. Perdition will accept the IMAP4S
connection, then send unencrypted IMAP4 to the back-end messaging
system.

I'm a bit concerned, though, that the IMAP4S connection isn't
necessarily as secure as I would like. In particular, I am concerned
about the IMAP4 client sending authentication credentials before the
TLS connection has been established. I've been reviewing RFC 3501 in
an effort to verify that the IMAP4 client first sends a CAPABILITY
command before attempting to authenticate. If so, then Perdition will
return both the STARTTLS and LOGINDISABLED responses, indicating that
the TLS connection must first be established, then authentication will
be permitted.

Anyone have a clue on this one? Packet captures thus far have been
inconclusive...although this may be due to my inexperience with tcpdump.

TIA.

--
Scott Lowe

 
 
 
 
 
Dr Balwinder S Dheeman

 
      05-15-2005, 02:14 AM
On 05/15/2005 05:29 AM, Scott Lowe wrote:
> I'm experimenting with the use of Perdition as an IMAP4S proxy in front
> of a proprietary messaging system. Perdition will accept the IMAP4S
> connection, then send unencrypted IMAP4 to the back-end messaging system.
>
> I'm a bit concerned, though, that the IMAP4S connection isn't
> necessarily as secure as I would like. In particular, I am concerned
> about the IMAP4 client sending authentication credentials before the TLS
> connection has been established. I've been reviewing RFC 3501 in an
> effort to verify that the IMAP4 client first sends a CAPABILITY command
> before attempting to authenticate. If so, then Perdition will return
> both the STARTTLS and LOGINDISABLED responses, indicating that the TLS
> connection must first be established, then authentication will be
> permitted.
>
> Anyone have a clue on this one? Packet captures thus far have been
> inconclusive...although this may be due to my inexperience with tcpdump.


I think Ethereal may help a lot; it is more intuitive as compared to tcpdump.

Inspired by the Net::SMTP Client Library in the standard Ruby Libs, I've
developed a Net::NNTP Client Library; please have a look at the detailed docs as
well as the source at ...

Home: http://nntp.rubyforge.org/
Download: http://rubyforge.org/projects/nntp/

But implementation of some of the Authentication methods is incomplete
in both of the above packages. I have searched a number of RFCs and/or
drafts, but I too am clueless as yet.

I would love to hear from you on any further progress.

Regards,
--
Dr Balwinder Singh Dheeman Registered Linux User: #229709
CLLO (Chief Linux Learning Officer) Machines: #168573, 170593, 259192
Anu's Linux@HOME Distros: Ubuntu, Fedora, Knoppix
More: http://anu.homelinux.net/~bsd/ Visit: http://counter.li.org/
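
An added example, not code from either poster or from Perdition: a checker for a cleartext IMAP transcript (for instance one reassembled from a capture on the plain IMAP port) that reports authentication commands sent before STARTTLS completed. RFC 3501 forbids a client from sending LOGIN once LOGINDISABLED has been advertised, but the server can only refuse the command after the password has already crossed the wire, so the transcript is where a non-compliant client shows up. The sessions, the function name `audit` and the finding codes are constructed for illustration.

```python
import re

# Matches capabilities in a greeting ("* OK [CAPABILITY ...]") or a "* CAPABILITY ..." reply.
CAP_RE = re.compile(r"^\* (?:OK \[CAPABILITY ([^\]]*)\]|CAPABILITY (.*))", re.I)

def audit(session):
    """Return finding codes for a cleartext transcript of (side, line) tuples."""
    caps = None          # None until the server has advertised capabilities
    pending_tls = None   # tag of an outstanding STARTTLS command
    findings = []
    for side, line in session:
        if side == "S":
            m = CAP_RE.match(line)
            if m:
                caps = set((m.group(1) or m.group(2)).upper().split())
            elif pending_tls and line.split()[:2] == [pending_tls, "OK"]:
                return findings   # TLS begins here; nothing after is cleartext
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        tag, cmd = parts[0], parts[1].upper()
        if cmd == "STARTTLS":
            pending_tls = tag
        elif cmd in ("LOGIN", "AUTHENTICATE"):
            if caps is None:
                findings.append("AUTH_BEFORE_CAPABILITY")
            elif cmd == "LOGIN" and "LOGINDISABLED" in caps:
                findings.append("LOGIN_DESPITE_LOGINDISABLED")
            else:
                findings.append("AUTH_BEFORE_TLS")
    return findings

# Constructed sample sessions: "S" = server line, "C" = client line.
COMPLIANT = [
    ("S", "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] proxy ready"),
    ("C", "a001 STARTTLS"),
    ("S", "a001 OK Begin TLS negotiation now"),
]
IGNORES_LOGINDISABLED = [
    ("S", "* OK proxy ready"),
    ("C", "a001 CAPABILITY"),
    ("S", "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED"),
    ("S", "a001 OK CAPABILITY completed"),
    ("C", "a002 LOGIN scott REDACTED"),
    ("S", "a002 NO LOGIN disabled"),
]
NO_CAPABILITY_CHECK = [("S", "* OK proxy ready"), ("C", "a001 LOGIN scott REDACTED")]

if __name__ == "__main__":
    for name in ("COMPLIANT", "IGNORES_LOGINDISABLED", "NO_CAPABILITY_CHECK"):
        print(name, audit(globals()[name]))
```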
 