SSL wrapping or SSH tunnelling? Which is more secure?

Dominic Mitchell dom at happygiraffe.net
Mon Aug 19 23:06:42 BST 2002


On Mon, Aug 19, 2002 at 06:56:20PM +0100, Jonathan Dean wrote:
> Quick question:
> Which method is considered more secure for services such as POP3 and IMAP4?
> Making users use ssh tunnels to access the services or wrapping the 
> services in ssl using stunnel?
> Any views will be gratefully received.

Both services are probably on a par.  It really depends upon the skill of
your user base.  Using ssh will require people to have a shell account
on your box, which you may not desire.  Also, the interface for setting
it up isn't the best.

Using stunnel avoids this, as most clients have built-in support for POP
/ IMAP over SSL.  Just turn on the "secure" checkbox, usually.  The
downside is that you might need to delve into the nasty world of
x509 certificates to get stunnel going[1].

-Dom

[1] Ok, it's not that bad.  I've just spent far too long these past few
days figuring out how to become my own CA...
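
The two setups compared in this thread, side by side, as an added example that is not part of the original post. Hostnames, file paths and local port numbers are placeholders, and the syntax is that of the stunnel 4+ configuration file and current OpenSSH.

```ini
; stunnel.conf -- constructed example, all paths are placeholders.
; Server certificate and private key (signed by your own CA or a public one).
cert = /usr/local/etc/stunnel/mail.pem
key  = /usr/local/etc/stunnel/mail.key

; IMAP over SSL: clients connect to 993, stunnel hands the plaintext
; session to the IMAP daemon on the loopback interface.
[imaps]
accept  = 993
connect = 127.0.0.1:143

; POP3 over SSL, same idea.
[pop3s]
accept  = 995
connect = 127.0.0.1:110

; In both cases bind the plaintext daemons (110/143) to 127.0.0.1 only,
; otherwise users can still reach them unencrypted and the wrapper adds nothing.

; --- ssh tunnel alternative (typed by each user on their own machine) ---
;   ssh -N -L 1143:127.0.0.1:143 -L 1110:127.0.0.1:110 user@mail.example.org
; -N runs no remote command; each -L forwards a local port to the server's
; loopback. The mail client is then pointed at localhost:1143 / localhost:1110.
;
; An account used only for this can be limited to forwarding with an
; authorized_keys entry such as (key material is a placeholder):
;   restrict,port-forwarding,permitopen="127.0.0.1:143",permitopen="127.0.0.1:110" ssh-ed25519 AAAA...placeholder user@laptop
```

With stunnel the client must trust the CA that signed `mail.pem`; with ssh the user must verify the server's host key on first connection. Either tunnel only protects users whose clients actually check those.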



