[mew-int 2184] Re: confirm 2aba38db059d444b7c3467a469df883f30433c71

Kazu Yamamoto ( 山本和彦 ) kazu at example.com
Thu Jun 22 19:42:25 JST 2006


Hello again,

> 2. IMAP + GSSAPI (imtest):
> As IMAP + ssl is nice, IMAP + GSSAPI would fit me better. There is a
> program shipped with cyrus imapd called imtest that I want to use. As
> a start I have modified mew-open-ssl-stream (see below). In the future
> this would be mew-open-gssapi-stream. This starts imtest and connects
> to the server. But after "Running1" below, synchronization between mew
> and imtest seems to be lost because imtest has already done all the
> login and greeting and so on.

Do you know of any documentation on how to use GSSAPI in IMAP?
I tried to find it but could not.

> So I would need some way for the IMAP state machine to start here
> instead of with the greeting.

If my observation is correct, "imtest" is not suitable for Mew.

Let me explain with TLS examples. There are two popular
implementations for TLS: "stunnel" and "gnutls".

IMHO, "gnutls" is implemented by a programmer who doesn't know TLS well.
TLS is designed to be a *wrapper* protocol. After the STARTTLS command, a
session (e.g. IMAP) is created again. This means that the new session
should start with the greeting again.

"stunnel" does STARTTLS and creates an encrypted channel and passes it
to another program (like Mew) that speaks a plain protocol (e.g. IMAP)
with greeting *copied*. What the program should do is just handle the
plain protocol without any knowledge about TLS. Thanks to "stunnel",
TLS is invisible to the program.

It is hard for another program to use "gnutls" since it is not
implemented as a wrapper.

I guess "imtest" is like "gnutls". And if you want to support GSSAPI
in Mew, we need to find a GSSAPI wrapper like "stunnel" which kindly
copies the server's greeting.

My previous patch for "stunnel" is the code to speak STARTTLS and to
copy the IMAP server's greeting on the TLS client side.

--Kazu
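
The wrapper behaviour described in the message above, as an added sketch that is not part of the original post and is not code from stunnel or Mew: the wrapper consumes the server greeting, negotiates STARTTLS in the clear, upgrades the channel, then replays the saved greeting so the local client starts its IMAP state machine from the beginning. The names `wrap`, `starttls_prelude`, `pump`, the tag `w1`, and passing the TLS upgrade in as a callable are assumptions of this example.

```python
import socket
import ssl
import threading

def read_line(sock):
    """Read one CRLF line a byte at a time so nothing past it is consumed."""
    buf = bytearray()
    while not buf.endswith(b"\r\n"):
        ch = sock.recv(1)
        if not ch:
            raise ConnectionError("peer closed mid-line")
        buf += ch
    return bytes(buf)

def tls_upgrade(host):
    """Real upgrade step: TLS with certificate and hostname verification."""
    ctx = ssl.create_default_context()
    return lambda s: ctx.wrap_socket(s, server_hostname=host)

def starttls_prelude(server, upgrade):
    """Run the cleartext prelude; return (secure_channel, saved_greeting)."""
    greeting = read_line(server)
    if not greeting.startswith(b"* OK"):
        raise ConnectionError("unexpected greeting: %r" % greeting)
    server.sendall(b"w1 STARTTLS\r\n")        # "w1" is this example's tag
    line = read_line(server)
    while not line.startswith(b"w1 "):         # skip untagged responses
        line = read_line(server)
    if line.upper().split()[1:2] != [b"OK"]:
        raise ConnectionError("STARTTLS refused: %r" % line)  # fail closed
    return upgrade(server), greeting

def pump(src, dst):
    """Copy bytes one way until src closes, then half-close dst."""
    try:
        while (data := src.recv(4096)):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def wrap(local, server, upgrade):
    """Negotiate STARTTLS, replay the greeting to the local client, then relay."""
    secure, greeting = starttls_prelude(server, upgrade)
    local.sendall(greeting)   # client sees a session that starts at the greeting
    for a, b in ((local, secure), (secure, local)):
        threading.Thread(target=pump, args=(a, b), daemon=True).start()
    return greeting
```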



