LinuxQuestions.org


kenneho 05-08-2008 03:35 AM

SASL vs TLS
 
Hi.


What is the difference in use between SASL and TLS? I don't seem to find any good documentation on this. They can provide much the same services (authentication and encryption) if set up correctly.

I'm going to deploy an LDAP server, and need a better understanding of SASL before deciding on whether to use TLS or SASL (possibly with TLS).

unSpawn 05-08-2008 05:43 AM

Quote:

Originally Posted by kenneho (Post 3146605)
What is the difference in use between SASL and TLS?

AFAIK SASL is used for authentication and TLS for traffic encryption. So the shortest answer IMHO: they are complementary.

kenneho 05-08-2008 06:29 AM

Quote:

Originally Posted by unSpawn (Post 3146718)
AFAIK SASL is used for authentication and TLS for traffic encryption. So the shortest answer IMHO: they are complementary.

I thought they were complementary too. But then I read in the documentation that SASL is an alternative to SSL/TLS. In addition, both TLS and SASL seem to provide (if needed) both authentication and encryption. It may be that SASL can use TLS for encryption. So the way I see it I have to choose between using TLS and/or SASL, but I'm not sure what the benefits of SASL are.

unSpawn 05-08-2008 06:39 AM

Uh. Some processes or clients only understanding SASL-auth and TLS-encr?

dezix 11-25-2022 01:55 AM

Maybe I'm wrong in posting here again (very old post) but the question is not solved and I'm now facing the same doubts.

Since all my research on the web about "SASL versus TLS" actually points toward "SSL versus TLS",
I figure here is the best place to follow on... (sorry if not).

I'm musing around to set up my first Postfix + Dovecot mail server,
and for now what I understand about SASL and TLS is:

+ TLS creates an encrypted secure tunnel between client and server.

+ SASL allows the server to show a list of means to the client so that the client can be authenticated as a valid sender.


What is less clear to me is who is playing first?

It seems (to me) logical to set up the secured tunnel first, but I'm not sure.

Maybe I miss another important aspect in this business?


Thanks for reading.
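
Added example, not part of the thread or of any poster's reply: on SMTP with STARTTLS the tunnel is negotiated first, and the server's SASL mechanism list (the `AUTH` line of the EHLO reply) is read again inside it. This Python sketch audits a session transcript for `AUTH` being offered or used before TLS; both transcripts, the hostnames and the function name `audit_session` are constructed for illustration.

```python
import re

# Constructed sample session (RFC-style "C:"/"S:" notation), not captured traffic.
# Hostnames are placeholders. This server offers AUTH only after STARTTLS.
TLS_FIRST = """\
S: 220 mail.example.org ESMTP
C: EHLO client.example.org
S: 250-mail.example.org
S: 250 STARTTLS
C: STARTTLS
S: 220 2.0.0 Ready to start TLS
C: EHLO client.example.org
S: 250-mail.example.org
S: 250 AUTH PLAIN LOGIN
C: AUTH PLAIN <credentials>
"""
# Constructed counter-example: AUTH is advertised and used before any TLS.
AUTH_IN_CLEAR = """\
S: 220 mail.example.org ESMTP
C: EHLO client.example.org
S: 250-mail.example.org
S: 250-STARTTLS
S: 250 AUTH PLAIN LOGIN
C: AUTH PLAIN <credentials>
"""

AUTH_LINE = re.compile(r"^250[- ]AUTH[ =](.*)$", re.IGNORECASE)

def audit_session(transcript):
    """Report where SASL (AUTH) appears relative to the TLS handshake."""
    tls_active = pending_starttls = False
    result = {"offered_in_clear": [], "offered_over_tls": [], "auth_sent_in_clear": False}
    for line in transcript.splitlines():
        side, _, text = line.strip().partition(": ")
        if side == "C":
            verb = text.split(" ", 1)[0].upper()
            pending_starttls = verb == "STARTTLS"
            if verb == "AUTH" and not tls_active:
                result["auth_sent_in_clear"] = True  # credentials outside the tunnel
        elif side == "S":
            if pending_starttls and text.startswith("220"):
                tls_active = True  # tunnel is up; client re-issues EHLO inside it
            pending_starttls = False
            m = AUTH_LINE.match(text)
            if m:
                key = "offered_over_tls" if tls_active else "offered_in_clear"
                result[key].extend(m.group(1).split())
    return result
```

On Postfix, `smtpd_tls_auth_only = yes` yields the first pattern: `AUTH` is neither announced nor accepted until the TLS session is established.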

