[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [msmtp-users] Proxy support patch



On Mon, Oct 13, 2014 at 4:29 PM, Martin Lambers <marlam@...23...> wrote:
> 1. Is there any need for anything except SOCKS5? It has been around for
> ages, does anybody really still need SOCKS4?

Perhaps for the latter you mean tow two of "SOCKS4"
and/or "SOCKS4a".

Of all the apps I've used, if they only supported one version
I'd say 75% chose "SOCKS5". Newer apps/support seems
to always be for socks5, this is probably due to the all in
one feature set of socks5 with little extra client code needed
over socks4 and socks4a.

If you also mean "HTTP[S] CONNECT" proxy, I've not
had much use case there.

You could also search for any of these proxy types and
the phrase "proxy list" to get an idea of what's out there.
In that context of "getting a connection through", they
all have merit.

> 2. Nobody protects the SOCKS5 protocol with TLS, right?

I have never seen this in use. Nor have I heard about it outside
of the two possible spec links I sent. Back then everything was
plaintext :)

Though it certainly would make sense for someone to deploy it if
they were sending their socks auth/stream over LAN/WAN as opposed
to localhost. I've not surveyed all the implementations to see if
they support it.

> 3. Is there a valid use case for SOCKS5 authentication? It only
> supports unprotected user/password transmission (well, and GSSAPI, but
> nobody uses that). This makes it pretty useless.

I have seen socks user/pass auth commonly used in corporate LANs
and private enclaves, so I would actually suggest supporting that. Tor
also supports it explicitly as a socks5 client, and heuristically as a
server, so they reached the same conclusions regarding use of
user/pass auth.

I've never seen GSSAPI, again pending the above survey if I ever get
around to it.

> If we only need SOCKS5 without TLS and possibly also without
> authentication

I think SOCKS5, with auth option, and with IPv6 support would be the
minimum requirement, which also happens to cover most users needs.

If the framework is made extensible then other things
can be added later based on user feedback.