Firewalls: Re: POP3 proxy

Firewalls
(November 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: POP3 proxy
From:	Tony Iannotti <tony @ fozzie . secapl . com>
Date:	Wed, 6 Nov 1996 22:04:05 -0500 (EST)
To:	Adam Shostack <adam @ homeport . org>
Cc:	otterley @ digigami . com, admin @ unicc . org, firewalls @ GreatCircle . COM
In-reply-to:	<199611070254 . VAA09287 @ homeport . org>

On Wed, 6 Nov 1996, Adam Shostack wrote:

> 	A pop proxy should also do a better job of managing brute
> force attacks than plug can.

  I had not thought of incoming POP yet, but of course the other end would
also want such protection. I have some POP servers on the inside that I
cannot touch while on the net, would be nice to be able to get to them
from anywhere. 

> 	Also consider requiring apop or kerberos authentication to the
> proxy, and then translate that into a uname/password combination if
> thats all your internal machine requires/supports.

  I think the newest qpop does apop, and IMHO should be required.

> 	Encrypting & authenticating this link is a very good idea, on
> top of apop.  Kerberized mail, if I remember correctly, will be
> encrypted on the wire.

  I thought kerberos only did authentication, not session encryption?

Follow-Ups:

Re: POP3 proxy
From: Craig Brozefsky <cosmo @ ebs . net>

References:

Re: POP3 proxy
From: Adam Shostack <adam @ homeport . org>

Indexed By Date	Previous:	Re: Secure email package From: Adam Burns <adamb @ peg . apc . org>
Indexed By Date	Next:	Re: NCSA Certification From: Kevin Steves <stevesk @ nsr . hp . com>
Indexed By Thread	Previous:	Re: POP3 proxy From: Adam Shostack <adam @ homeport . org>
Indexed By Thread	Next:	Re: POP3 proxy From: Craig Brozefsky <cosmo @ ebs . net>