SSL wrapping or SSH tunnelling? Which is more secure?

Jonathan Dean jon.dean at deanuk.net
Tue Aug 20 20:58:01 BST 2002


--=====================_31352322==.ALT
Content-Type: text/plain; charset="us-ascii"; format=flowed

Cheers for everyone's views, played around with stunnel got that working so 
will stick with that for POP3 and IMAP at least.
Thanks again,
Jon
At 23:06 19/08/2002, Dominic Mitchell wrote:
>On Mon, Aug 19, 2002 at 06:56:20PM +0100, Jonathan Dean wrote:
> > Quick question:
> > Which method is considered more secure for services such as POP3 and IMAP4?
> > Making users use ssh tunnels to access the services or wrapping the
> > services in ssl using stunnel?
> > Any views will be greatfully recieved.
>
>Both services are probably on a par.  It really depends upon the skil of
>your user base.  Using ssh will require people to have a shell account
>on your box, which you may not desire.  Also, the interface for setting
>it up, isn't the best.
>
>Using stunnel avoids this, as most clients have builtin support for POP
>/ IMAP over SSL.  Just turn on the "secure" checkbox, usually.  The
>down side is that you might need to delve into the nasty world of
>x509 certificates to get stunnel going[1].
>
>-Dom
>
>[1] Ok, it's not that bad.  I've just spent far too long these past few
>days figuring out ho to become my own CA...

---
Jonathan Dean
jon.dean at deanuk.net     www.jondean.com

Dept. Computer Science, University of Exeter, UK.
j.s.dean at ex.ac.uk       www.dcs.ex.ac.uk

Network Manager, Dean UK Networks.
root at deanuk.net www.deanuk.net

--=====================_31352322==.ALT
Content-Type: text/html; charset="us-ascii"

<html>
Cheers for everyone's views, played around with stunnel got that working
so will stick with that for POP3 and IMAP at least.<br>
Thanks again,<br>
Jon<br>
At 23:06 19/08/2002, Dominic Mitchell wrote:<br>
<blockquote type=cite class=cite cite>On Mon, Aug 19, 2002 at 06:56:20PM
+0100, Jonathan Dean wrote:<br>
&gt; Quick question:<br>
&gt; Which method is considered more secure for services such as POP3 and
IMAP4?<br>
&gt; Making users use ssh tunnels to access the services or wrapping the
<br>
&gt; services in ssl using stunnel?<br>
&gt; Any views will be greatfully recieved.<br><br>
Both services are probably on a par.&nbsp; It really depends upon the
skil of<br>
your user base.&nbsp; Using ssh will require people to have a shell
account<br>
on your box, which you may not desire.&nbsp; Also, the interface for
setting<br>
it up, isn't the best.<br><br>
Using stunnel avoids this, as most clients have builtin support for
POP<br>
/ IMAP over SSL.&nbsp; Just turn on the &quot;secure&quot; checkbox,
usually.&nbsp; The<br>
down side is that you might need to delve into the nasty world of<br>
x509 certificates to get stunnel going[1].<br><br>
-Dom<br><br>
[1] Ok, it's not that bad.&nbsp; I've just spent far too long these past
few<br>
days figuring out ho to become my own CA...</blockquote>
<x-sigsep><p></x-sigsep>
<font size=2>---<br>
<b>Jonathan Dean<br>
</b>jon.dean at deanuk.net<x-tab>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><a href="http://www.jondean.com/" eudora="autourl">www.jondean.com</a><br><br>
Dept. Computer Science, University of Exeter, UK.<br>
j.s.dean at ex.ac.uk<x-tab>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><a href="http://www.dcs.ex.ac.uk/" eudora="autourl">www.dcs.ex.ac.uk</a><br><br>
Network Manager, Dean UK Networks.<br>
root at deanuk.net<x-tab>&nbsp;</x-tab><a href="http://www.deanuk.net/" eudora="autourl">www.deanuk.net</a><br>
</font></html>

--=====================_31352322==.ALT--






More information about the Ukfreebsd mailing list