require_ssl with SASL secure layers
julien at trigofacile.com
Mon Jun 1 09:13:11 UTC 2009
>> I think we could rename the require_ssl: parameter in readers.conf
>> to something like require_encryption: in order to take into account
>> both a successful STARTTLS command (or "nnrpd -S") and a successful
>> AUTHINFO SASL with a negotiation of a secure layer.
> Sounds lovely.
OK, I will try to add the logic for that.
> (The thought crossed my mind of trying to add a little more expressive
> power to it, by changing from boolean to a list, where the user could
> specify exactly what would be adequate encryption for a given block to be
> tried, e.g. "require_encryption: TLS, SASL.CRAM-MD5, SASL.DIGEST-MD5" but
> then I thought that might be trouble than it's worth.)
It may be harder for people to configure; in case they add a new SASL
mechanism to their servers, they would have not to forget to add it
in readers.conf. It could be a future improvement, though, if news
admins have the need.
« -- Et souvenez-vous ! La seule chose que nous ayons à craindre,
c'est que le ciel nous tombe sur la tête !
-- ...Et souvenez-vous, Romains, la seule chose que nous ayons
à craindre, c'est les Gaulois ! » (Astérix)
More information about the inn-workers