[imp] imp 2.3.x vs TWIG

Jeff Greenfield jgreen@calvin.edu
Sun, 28 Jan 2001 12:00:43 -0500


>> Am I the lone voice of dissent on this issue?
>Not at all!  Remember all this will be strictly optional.

I would never recommend this type of system for everyone either!  It
seems to me that particular sites would find a single-sign-on mail
client for multiple mailboxes quite useful.  Over this next summer, I
once again need to meet with my group of users and discuss IMP 2.2.x vs.
2.4.x (given its release status) vs. MailSpinner (a mail package that
will be built into our newly purchased Portal, Blackboard).  In quick
glance of MailSpinner, the feature of adding more than the default
IMAP/POP3 mailbox, and have them show up in 1 folders listing is
appealing for quite a few.

>> I don't want IMP to store passwords in a database permanently.
>Well, this depends on what kind of crypto strength you use, but it will
>be near-impossible to brute-force the attacks unless you also give them
>the decoding key, which shouldn't be stored in the database.

I like the idea of the user's primary password used as the encryption
for the other passwords - but to make that able to be implemented, I'd
bet that it would be very difficult to use the "primary" IMAP/POP3
server password as the key.  Thinking about the many different ways
people change their passwords on IMAP/POP3 servers, this would be really
hard to sync.  However, if there is a "Horde" password, separate from
mailbox passwords, then you'll only be able to change the Horde password
from known utilities, which can re-crypt the other passwords in the
process...

>> I don't want to sound like the sky is falling, but I get worried when an
>> intermediate system wants to save my password.  Is it that hard for me to
>> type it in every time?

My answer to this question: yes.  Single, secure sign-on is an ideal
for a lot of companies.  Just look at how many are going to portal
solutions for all of those web-components they normally have to log into
separately.  Look at companies like Netegrity, whose whole business is
to be a "middleman" for passwords...

>The rewriting would be to rewrite the folders to something
>like INBOX.Work.SubFolders and INBOX.Personal.SubFolders, for example.

That would be the implementation I would work for.  Clearly separate
folders, but all accessible within 1 client / login.

<><><><><><><><><><><><><><><><><><>
Jeff Greenfield <jgreen@calvin.edu>
Calvin College Information Technologies
Systems Engineer / Webmaster / Postmaster
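
The scheme discussed in the message above, as an added sketch that is not part of the original post and not Horde/IMP code: stored mailbox passwords are encrypted under a key derived from a separate "Horde" password, and a password change re-encrypts them. The function names, record layout, iteration count and sample values are assumptions made for illustration.

```php
<?php
// Added illustration; all names and the record layout are hypothetical.
const KDF_ITERATIONS = 600000; // assumed work factor

// Derive a 32-byte key from the Horde password. Only the salt is stored;
// the key itself never goes into the database.
function derive_key(string $hordePassword, string $salt): string {
    return hash_pbkdf2('sha256', $hordePassword, $salt, KDF_ITERATIONS, 32, true);
}

// Encrypt one mailbox password with AES-256-GCM: base64(nonce|tag|ciphertext).
function seal(string $key, string $plaintext): string {
    $nonce = random_bytes(12);
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) throw new RuntimeException('encryption failed');
    return base64_encode($nonce . $tag . $ct);
}

// Decrypt; the GCM tag check fails on a wrong password or a modified record.
function unseal(string $key, string $blob): string {
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 28) throw new RuntimeException('malformed record');
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
                          substr($raw, 0, 12), substr($raw, 12, 16));
    if ($pt === false) throw new RuntimeException('wrong Horde password or tampered record');
    return $pt;
}

// Horde password change: decrypt every entry with the old key and
// re-encrypt it under a key from the new password and a fresh salt.
function rekey(array $record, string $oldPw, string $newPw): array {
    $oldKey = derive_key($oldPw, base64_decode($record['salt']));
    $newSalt = random_bytes(16);
    $newKey = derive_key($newPw, $newSalt);
    $out = ['salt' => base64_encode($newSalt), 'mailboxes' => []];
    foreach ($record['mailboxes'] as $name => $blob) {
        $out['mailboxes'][$name] = seal($newKey, unseal($oldKey, $blob));
    }
    return $out;
}

// Constructed sample data: two extra mailboxes stored for one user.
$salt = random_bytes(16);
$key = derive_key('old-horde-pw', $salt);
$record = ['salt' => base64_encode($salt), 'mailboxes' => [
    'Work' => seal($key, 'imap-work-secret'),
    'Personal' => seal($key, 'pop3-home-secret')]];
$record = rekey($record, 'old-horde-pw', 'new-horde-pw');
$newKey = derive_key('new-horde-pw', base64_decode($record['salt']));
echo unseal($newKey, $record['mailboxes']['Work']), "\n";
```

A mailbox password changed directly on its IMAP/POP3 server is not seen by this code, which is the sync problem the message raises for using the primary mailbox password as the key.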