On 12/10/2013 12:49 PM, Wolfgang Breyha wrote: > cyrus distinguishes between asking for a cert and requiring a cert. I don't > know why, sorry. Sometimes it is practical to ask for a cert and only try to > verify it without enforcing it. But asking for certs while incapable to verify > them (without CAs) seems odd. That's why I decided to do it that way. Maybe the existing options could just be extended, like in the Postfix setting for TLS, e.g. tls_imap_require_cert: no|ask|require I think, having logical options which are clear to the admin are better than some implicit consequences which are not not bilaterally logical. I don't know if I express this right/understandable :). The background is that a bunch of TLS tutorials on the web include configuring the CA but not explaining in detail why, so an inexperienced admin could assume that he should put the CA certificate for the server cert's CA there. -Stefan -- (o_ Stefan Gofferje | SCLT, MCP, CCSA //\ Reg'd Linux User #247167 | VCP #2263 V_/_ Heckler & Koch - the original point and click interface
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
