require_ssl with SASL secure layers

Julien ÉLIE julien at trigofacile.com
Mon Jun 1 09:13:11 UTC 2009


Hi Jeffrey,

>> I think we could rename the require_ssl: parameter in readers.conf
>> to something like require_encryption: in order to take into account
>> both a successful STARTTLS command (or "nnrpd -S") and a successful
>> AUTHINFO SASL with a negotiation of a secure layer.
>
> Sounds lovely.

OK, I will try to add the logic for that.


> (The thought crossed my mind of trying to add a little more expressive
> power to it, by changing from boolean to a list, where the user could
> specify exactly what would be adequate encryption for a given block to be
> tried, e.g. "require_encryption: TLS, SASL.CRAM-MD5, SASL.DIGEST-MD5" but
> then I thought that might be trouble than it's worth.)

It may be harder for people to configure; in case they add a new SASL
mechanism to their servers, they would have not to forget to add it
in readers.conf.  It could be a future improvement, though, if news
admins have the need.

-- 
Julien ÉLIE

« -- Et souvenez-vous ! La seule chose que nous ayons à craindre,
  c'est que le ciel nous tombe sur la tête !
  -- ...Et souvenez-vous, Romains, la seule chose que nous ayons
  à craindre, c'est les Gaulois ! » (Astérix) 




More information about the inn-workers mailing list