[ingo] Sieve over SSL/TLS?

Jan Schneider jan at horde.org
Sat Jul 9 00:22:08 PDT 2005


Quoting Aleksandar Milivojevic <alex at milivojevic.org>:

> Jan Schneider wrote:
>> Quoting alex at milivojevic.org:
>>
>>> I've had a peek at Net_SIEVE module, and it seems it only parses the
>>> capabilities and sets flag if STARTTLS is present in the list of
>>> capabilities. Not sure if this just reflects future plans to add
>>> support for it in Net_SIEVE,
>>> or if applications using it can issue raw STARTTLS, handle TLS handshake
>>> themselves and provide callback functions for read/write (that would
>>> encrypt/decrypt data stream, something like proftpd implements TLS).
>>
>> While this would technically be possible, it would require porting a
>> complete TLS library to PHP, which is a bad idea IMO.
>
> Hm, not sure if I understood this part.  There's really no difference
> when building SSL channel after connect, or building it after server
> acknowledges STARTTLS.  The SSL handshake that happens after STARTTLS (in
> plaintext versions of protocols) is exactly the same thing as SSL
> handshake that happens after connection establishment in "s" versions

The difference is that you do TLS handshakes on an existing connection.
PHP has no built-in support for such a thing; even SSL connections are
handled as wrappers in PHP internally, and you can't use them from userland
code.
As the whole sieve protocol is implemented in PHP userland code
(Net_Sieve), you would need a way to hand the existing TCP connection
over to the TLS handshake code.

> of protocols.  So if it is possible to have SSL encrypted connection for
> IMAP protocol, I don't see why not SIEVE?

Because the IMAP protocol is implemented as an extension, and not even
this extension is doing the communication but the (external) c-client
library. There also exist userland implementations of the IMAP protocol
that lack TLS support too.
If there was a PHP extension for sieve, that would be a different story.

Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
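
The hand-over discussed in this message, as an added example that is not part of the original thread and is not Net_Sieve code: PHP releases from 5.1 on provide stream_socket_enable_crypto(), which runs the TLS handshake on an already-open stream. The code assumes PHP 7.2 or later with the openssl extension; the function names sieve_read_response and sieve_connect_starttls are hypothetical, and the host and port are supplied by the caller.

```php
<?php
// Added example, not Net_Sieve code. Assumes PHP 7.2+ with ext/openssl.

/** Read lines until the final OK/NO/BYE status line (hypothetical helper). */
function sieve_read_response($fp)
{
    $lines = array();
    while (($line = fgets($fp, 8192)) !== false) {
        $lines[] = rtrim($line, "\r\n");
        if (preg_match('/^(OK|NO|BYE)\b/i', end($lines))) {
            return $lines;
        }
    }
    throw new RuntimeException('connection closed before status line');
}

/** Connect in plaintext, then upgrade the same stream to TLS. */
function sieve_connect_starttls($host, $port)
{
    // Certificate checks are set on the context before the handshake.
    $ctx = stream_context_create(array('ssl' => array(
        'verify_peer'      => true,
        'verify_peer_name' => true,
        'peer_name'        => $host,
    )));
    $fp = stream_socket_client("tcp://$host:$port", $errno, $errstr, 10,
                               STREAM_CLIENT_CONNECT, $ctx);
    if ($fp === false) {
        throw new RuntimeException("connect failed: $errstr");
    }
    // The greeting lists capabilities; stop if STARTTLS is not offered.
    if (!preg_grep('/^"STARTTLS"/i', sieve_read_response($fp))) {
        fclose($fp);
        throw new RuntimeException('server does not offer STARTTLS');
    }
    fwrite($fp, "STARTTLS\r\n");
    $reply = sieve_read_response($fp);
    if (stripos(end($reply), 'OK') !== 0) {
        fclose($fp);
        throw new RuntimeException('STARTTLS rejected');
    }
    // The TLS handshake runs on the already-open TCP stream.
    if (stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) !== true) {
        fclose($fp);
        throw new RuntimeException('TLS handshake failed');
    }
    // Capabilities seen before TLS were unauthenticated: re-read them now.
    return $fp;
}
```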


