Security Basics mailing list archives

Re: Digital Certificates - POP & IMAP

From: "Brian J. Smith-Sweeney" <bsweeney () physics ucsb edu>
Date: 07 May 2003 09:12:50 -0700

I'd actually be willing to bet they dont' mean to infer you can't use
IMAP, particularly since the digital signing happens when you're sending
mail and IMAP isn't the protocol used for sending (presumably SMTP is,
unless you're on an interesting system).  I think they meant to say you
can't use the digital ID with something like a web-based email service
(hotmail, yahoo mail, msn, etc), in which case it's just poorly worded. 
What they really should say, if I'm right about what they meant, is
something like

        "To use a digital ID, you must be using a supported email client (with
link to a list of said supported clients).  Web-based email systems are
not yet supported by Verisign for use with Digital ID."

I would further guess that the reason this is worded this way is because
someone at Verisign brought up web-based systems when they were in a
marketing meeting, and someone else (with slightly less than a full
clue) said "yeah, we can't support webmail systems.  I think they use
IMAP, right?".  Thus, the marketspeak folks decided the Digital ID
doesn't support IMAP.  

But that's just my opinion.  I could be wrong.

The world may never know the truth, unless someone from Verisign checks
this list =).

-Brian
-- 
========================================
Brian Smith-Sweeney
Senior Systems Administrator
University of California, Santa Barbara
Physics Department
bsweeney () physics ucsb edu
========================================
On Tue, 2003-05-06 at 09:40, Scott Walter wrote:

When using digital certificates for secure email, why would the email 
protocol you use make any difference.  Why does Verisign explicitly say 
you must use a POP client, inferring that IMAP cannot be used?

http://www.verisign.com/products/class1/index.html
"NOTE: In order to secure your e-mail with a Digital ID, you must use 
your ID with a POP based e-mail client."




---------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry's most 
recognized corporate security certification track, provides a comprehensive 
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case 
studies and true hands-on utilization 
of pertinent security tools. For a limited time you can enter for a chance 
to win one of the latest technological innovations, the SEGWAY HT. 
Log onto http://www.securityfocus.com/FastTrain-security-basics 
----------------------------------------------------------------------------

Current thread:

Digital Certificates - POP & IMAP Scott Walter (May 06)
- Re: Digital Certificates - POP & IMAP Jeremy Gaddis (May 07)
- Re: Digital Certificates - POP & IMAP Brian J. Smith-Sweeney (May 07)