On Wednesday 20 April 2005 20:58, Henry Bremridge wrote:
<snip>
Fetchmail can use encryption, IF the remote server supports it. Append ssl to the fetchmail line. This protects your password from being sniffed during the download phase. If your server does NOT support SSL for POP3, change! You can't afford to send
Apologies for the length of this... Any assistance would be much appreciated: particularly if anyone knows a good website that I can sit and read through slowly with several large cups of coffee....
My understanding and my problems are as follows:
a) I can digitally sign email with GPG. This is fine, it works and I use it in Win98. Saves a lot of bother and time. Great. http://winpt.sourceforge.net/en/ Will use in Debian, once I have learnt a bit more about Debian.
Debian :-) , go for it.
b) GPG only verifies what I have written in an email (I have not been bothered by encryption as my email program does not support it in Win98).
A bit of a simplification but one of the things gpg does is prove that given *signed* text has not been tampered with and was indeed signed by a particular key. What it (can) also do if you have been involved with key signings is (help to) prove identity or ownership of a particular key through chains of trust.
c) SSL *seems* to secure:
SSL works but it is very different to GPG, SSL is based on signing certificates and is based on hierarchical trust, hence why someone at the top charges a lot of money to sign certificates (because they can).
i) The password for me to receive my email ii) The email itself as it comes from my pop3 to me and from me to my SMTP Is this correct?
I *think* this is correct, it would be nuts to just secure the data and not the auth but I am not a pop3 expert.
I am at a loss however to understand the difference between SSL and SSH?
SSH is (in simple terms) a secure encrypted replacement for telnet (but it can do so much more). For instance I can SSH into my server at work where I get a linux login prompt but all my communications are encrypted.
From what I have read my existing webhost will give me SSH, but to activate secure email, I get the following "Before you enable secure mail you must first install a secure certificate for your domain".
Yea, ssh gives you access to your webhost so you can get a shell session, nothing to do with secure email.
Given that the value of the certificates seems to be to secure email from my webhost to me, and not for any third party access. Where can I get these certificates from? (Apart from that is paying Thawte or Verisign or BT for them).
Can you upload your own certificates? It's fairly easy to generate certs under linux and *self sign* them then just upload your cert, *something* might moan the first time you use it but if you tell it to remember this cert or whatever then it will be fine. If it is for windows it is also easy to create your own CA (certificate authority) which you can sign your cert with then tell windows about your CA and it will not moan about your cert not being signed. This sounds complicated but it's not really that bad at all.
I have tried one other site and have been told "SSL encryption is for rocket scientists and is not needed", which does not fill me with much enthusiasm. The site was however strongly recommended by a reliable source and certainly the service was good and cheap.
The encryption techniques you discuss have much in common and also many differences so that adds to confusion. This might add to your confusion but I have a guide to creating certificates (using ssl on linux) on my website, they are actually for a different purpose but the basic steps will be the same, it's just what cert files you send where I am not sure of in your case. If you want to be more confused then look at http://www.cornelius.demon.co.uk/X509-Cert-Generation.html Also consider googling for "apache ssl howto", it might give you a background from the webserver perspective. You can ignore much of the webserver setup stuff as your webhost is already running but some of it may give foundations and it will have details of how to create certificates and what bits go where.
Finally what webhost do you use that does offer this service?
Only ever done it on my own apache servers so can't recommend a commercial one.
-- Robin Cornelius --------------------------------------------------- robin@xxxxxxxxxxxxxxxxxxxxx http://www.cornelius.demon.co.uk http://sourceforge.net/projects/rt2400 GPG Key ID: 0x729A79A23B7EE764 http://www.biglumber.com/x/web?qs=0x729A79A23B7EE764
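
The private-CA route described in the reply above (create your own CA, sign the server certificate with it, then tell the client about the CA), sketched as an added example that is not part of the original thread. It assumes the `openssl` command-line tool is installed; `mail.example.org` and all file names are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). mail.example.org and the file names
# are placeholders; keys and certificates are generated fresh on each run.
set -eu

build_pki() {   # $1 = directory, $2 = mail server host name
    cat > "$1/pki.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Example Private CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_srv]
basicConstraints = CA:FALSE
subjectAltName = DNS:$2
EOF
    # 1. The private CA: a self-signed certificate marked CA:TRUE.
    openssl req -x509 -config "$1/pki.cnf" -extensions v3_ca \
        -newkey rsa:2048 -nodes -sha256 -days 365 \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    # 2. The mail server's key and certificate signing request.
    openssl req -new -config "$1/pki.cnf" -subj "/CN=$2" \
        -newkey rsa:2048 -nodes -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
    # 3. The CA signs the request; srv.crt and srv.key go on the mail host.
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 365 \
        -extfile "$1/pki.cnf" -extensions v3_srv -out "$1/srv.crt" 2>/dev/null
}

# True only if srv.crt chains to a CA the client trusts AND names the host.
client_accepts() {   # $1 = directory, $2 = host, $3 = imported CA file (optional)
    if [ -n "${3:-}" ]; then
        openssl verify -CAfile "$3" -verify_hostname "$2" "$1/srv.crt" >/dev/null 2>&1
    else
        openssl verify -verify_hostname "$2" "$1/srv.crt" >/dev/null 2>&1
    fi
}

demo() {
    d=$(mktemp -d); build_pki "$d" mail.example.org
    client_accepts "$d" mail.example.org "$d/ca.crt" && echo "CA imported: accepted"
    client_accepts "$d" mail.example.org || echo "CA not imported: rejected"
    client_accepts "$d" other.example.org "$d/ca.crt" || echo "wrong host name: rejected"
    rm -rf "$d"
}
demo
```

Only `ca.crt` is imported on the client; `ca.key` and `srv.key` stay private.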