From: tassium <tassium@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Date: Mon, 24 Feb 2003 18:00:40 +0000 (+0000)
Subject: Insert a blurb about IMAPS on localhost being pointless.
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=a8855d9ce6f8062065e109fe295ae318ce123f44;p=squirrelmail.git

Insert a blurb about IMAPS on localhost being pointless.


git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@4538 7612ce4b-ef26-0410-bec9-ea0150e637f0
---

diff --git a/doc/authentication.txt b/doc/authentication.txt
index deff3059..5ce65ed5 100644
--- a/doc/authentication.txt
+++ b/doc/authentication.txt
@@ -12,6 +12,11 @@ SMTP. TLS is able to be enabled on a per-service basis as well.
 Unless the administrator changes the authentication methods, SquirrelMail
 will default to the "classic" plaintext methods, without TLS.
 
+Note: There is no point in using TLS if your IMAP server is localhost. You need
+root to sniff the loopback interface, and if you don't trust root, or an attacker
+already has root, the game is over.  You've got a lot more to worry about beyond
+having the loopback interface sniffed.
+
 REQUIREMENTS
 ------------
 
@@ -23,7 +28,7 @@ CRAM/DIGEST-MD5
 
 TLS
 * SquirrelMail 1.3.3 or higher
-* PHP 4.3.0 or higher
+* PHP 4.3.0 or higher (Check Release Notes for PHP 4.3.x information)
 * The "STARTTLS" command is NOT supported.  The server you wish to use TLS
   on must have a dedicated port listening for TLS connections. (ie. port
   993 for IMAP, 465 for SMTP)