[Ach] 9.2.1 Dovecot, some additions, questions

L. Aaron Kaplan kaplan at cert.at
Tue Nov 19 22:47:26 CET 2013


On Nov 19, 2013, at 10:40 PM, Pepi Zawodsky <pepi.zawodsky at maclemon.at> wrote:

> 
> On 19.11.2013, at 22:37, L. Aaron Kaplan <kaplan at cert.at> wrote:
>>> ssl_parameters_regenerate = 168 # Value in hours, aka 168h ≈ 1w
>>> Does 24h sound reasonable? More or less?
>> For a typical server yes, for an embedded device no.
> Dovecot on embedded systems is a thing?
Ok, touche!
I was thinking of regenerating DH and forgot the context ;-)

> But ok, my Mac mini doesn't necessarily qualify as “server” for many others as well. :-)
> 
> So 8h as proposal on common server hardware.
> 
Fine for me

> 
>>> disable_plaintext_auth=yes
>> Is that plaintext within a TLS/SSL tunnel?
> Yes, exactly!
> allows plaintext authentication only when SSL/TLS is used first

Ok, but where do you see the problem then if you allow plaintext as long as it is within a TLS connection?

> 
> Best regards
> Pepi
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach

--- 
// L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
// CERT Austria - http://www.cert.at/
// Eine Initiative der nic.at GmbH - http://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131119/9b628dd0/attachment.sig>


More information about the Ach mailing list