[Ach] 9.2.1 Dovecot, some additions, questions
L. Aaron Kaplan
kaplan at cert.at
Tue Nov 19 22:47:26 CET 2013
On Nov 19, 2013, at 10:40 PM, Pepi Zawodsky <pepi.zawodsky at maclemon.at> wrote:
> On 19.11.2013, at 22:37, L. Aaron Kaplan <kaplan at cert.at> wrote:
>>> ssl_parameters_regenerate = 168 # Value in hours, aka 168h ≈ 1w
>>> Does 24h sound reasonable? More or less?
>> For a typical server yes, for an embedded device no.
> Dovecot on embedded systems is a thing?
I was thinking of regenerating DH and forgot the context ;-)
> But ok, my Mac mini doesn't necessarily qualify as “server” for many others as well. :-)
> So 8h as proposal on common server hardware.
Fine for me
>> Is that plaintext within a TLS/SSL tunnel?
> Yes, exactly!
> allows plaintext authentication only when SSL/TLS is used first
Ok, but where do you see the problem then if you allow plaintext as long as it is within a TLS connection?
> Best regards
> Ach mailing list
> Ach at lists.cert.at
// L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
// CERT Austria - http://www.cert.at/
// Eine Initiative der nic.at GmbH - http://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 163 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the Ach