[Kolab-devel] reason for unencrypted services being enabled per default

Martin Konold martin.konold at erfrakon.de
Fri Aug 27 10:54:04 CEST 2010


On 26.08.2010 18:01, Gunnar Wrobel wrote:
> Hi,
>
> Quoting Silvan Marco Fin <silvan at kernelconcepts.de>:
>
>   
>> Hi!
>>
>>   Is there a particular reason why the kolab services (imap, smtp,
>> http, ldap) are configured to accept unencrypted connections by
>> default?
>>     
> I assume there were some good reasons in the past to choose the  
> defaults as we have them now. And one might have been "Outlook".
Outlook is not the culprit here.

SMTP: Connections from outside are typically unencrypted and
unauthenticated. Authenticated connections shall be encrypted.

HTTP: We automatically redirect to HTTPS.

For all other protocols the reason for allowing unencrypted
communication is that encryption only makes sense with appropriate
certificate management. The latter is not part of the kolab distribution
so far and is typically not fully implemented in standard installations.

We therefore decided to enable and encourage the use of SSL while not
enforcing its usage in every case in the default setup. Changing this is
only a few mouse clicks away on the settings page in the admin interface.

Yours,
-- martin



