From: Rob Siemborski (no email)
Date: Fri Mar 11 2005 - 17:51:28 EST
On Fri, 11 Mar 2005, Marco Colombo wrote:
> Ok technically speaking SSL/TLS is not part of SASL. But the two are
> related. Maybe I'm biased by the fact that most of the connections I see
> are SSL+plaintext. So I was referring to SSL keys actually.
Sure, or, say, Kerberos keys.
For what SASL is using it for, it's a far lesser sin.
> I have to say I'm not familiar with CRAM-MD5/DIGEST-MD5. But in the latter
> the channel can be encrypted, so I guess at some point a shared session
> key is generated.
Yes, there is a session key here, but the information it is
based off of is the nonces (as I said, they need to be sent in the clear
anyway, so coming from urandom doesn't matter that much), the shared
secret, and some static text.
See RFC 2831.
-Rob
---------------------------------------------------------------------
Rob Siemborski
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
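
Added example (not part of the original message and not Cyrus SASL code): a sketch of the DIGEST-MD5 session key derivation in RFC 2831 sections 2.3 and 2.4, showing that the keys are a deterministic function of the shared secret, the two nonces and static text. The user name, realm, password and nonce values are constructed samples, and the inputs are assumed to be already encoded as bytes.

```python
import hashlib

# Static text from RFC 2831 sections 2.3 (integrity) and 2.4 (confidentiality).
MAGIC = {
    "Kic": b"Digest session key to client-to-server signing key magic constant",
    "Kis": b"Digest session key to server-to-client signing key magic constant",
    "Kcc": b"Digest H(A1) to client-to-server sealing key magic constant",
    "Kcs": b"Digest H(A1) to server-to-client sealing key magic constant",
}
# Bytes of H(A1) fed into the sealing keys, per cipher (RFC 2831 section 2.4).
SEAL_PREFIX = {"rc4-40": 5, "rc4-56": 7}  # every other cipher uses all 16


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def h_a1(user, realm, password, nonce, cnonce, authzid=None) -> bytes:
    """H(A1): the shared secret hashed together with both nonces."""
    a1 = md5(b":".join([user, realm, password])) + b":" + nonce + b":" + cnonce
    if authzid is not None:
        a1 += b":" + authzid
    return md5(a1)


def session_keys(ha1: bytes, cipher: str = "3des") -> dict:
    """Derive the four per-direction keys from H(A1) and the static text."""
    n = SEAL_PREFIX.get(cipher, 16)
    return {
        "Kic": md5(ha1 + MAGIC["Kic"]),
        "Kis": md5(ha1 + MAGIC["Kis"]),
        "Kcc": md5(ha1[:n] + MAGIC["Kcc"]),
        "Kcs": md5(ha1[:n] + MAGIC["Kcs"]),
    }


if __name__ == "__main__":
    # Constructed sample values; the nonces are what crosses the wire in clear.
    nonce, cnonce = b"c2VydmVyLW5vbmNl", b"Y2xpZW50LW5vbmNl"
    good = session_keys(h_a1(b"alice", b"example.org", b"correct horse", nonce, cnonce))
    other = session_keys(h_a1(b"alice", b"example.org", b"wrong guess", nonce, cnonce))
    for name, key in good.items():
        print(name, key.hex(), "differs with other secret:", key != other[name])
```

With the nonces held fixed, changing only the shared secret changes every derived key, which is why the secrecy of the session keys rests on the shared secret rather than on the nonces.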