Subject: Re: imap-uw package and SSL
To: David Burgess <burgess@neonramp.com>
From: Rick Byers <rb-netbsd@BigScaryChildren.net>
List: tech-pkg
Date: 08/13/2002 16:00:40
On Tue, 13 Aug 2002, David Burgess wrote:
> Actually, creating valid certificates isn't a problem - I have a script
> that does (almost) all the work. Once you add the noverify tag, life is
> good. Remember, the point is to encrypt the data on the way out of the
> server, so having the system be "TLS ready" and simply not turn it on is
> fine with me.
> If there was a PR required for this, it would be to make sure the noverify
> flag is set in the example file and that the text makes it clear that the
> certs are checked whether you use SSL or not. Basically, something along
> the lines of "unless you bought a cert, do not remove the /noverify flag".
But the /noverify tag is required on each client. Won't all my
customers who connect with their regular mail clients start getting
errors? Sure, I'd rather have encryption than nothing, but not from the
end users point of view everything worked fine without encryption,
but adding encryption give them a warning or error message they didn't get
before. So, I think I'd rather just stick with no encryption until the
time I decide that its worthwhile to purchase a valid certificate.
Rick