Re: Rationale for this change?
From: Simon Josefsson
Subject: Re: Rationale for this change?
Date: Tue, 10 Jan 2006 15:05:46 +0100
User-agent: Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux)

David Kastrup <address@hidden> writes:
> Simon Josefsson <address@hidden> writes:
>
>> David Kastrup <address@hidden> writes:
>>
>>> 2005-12-05 Ralf Angeli <address@hidden>
>>>
>>> * mail/smtpmail.el (smtpmail-try-auth-methods):
>>> Send credentials together with "AUTH PLAIN" command.
>>>
>>> Could you shed any light on what problem this change is intended to
>>> fix?
>>
>> The AUTH PLAIN command is not sent if the server did not advertise
>> support for AUTH PLAIN. See RFC 2554. The earlier behavior violated
>> a SHOULD in RFC 2222 § 5.1.
>>
>> So security-wise, it is not worse than before.
>
> Ah, ok. I think rationales like that should be mentioned in the
> ChangeLog. Even if just as "(RFC 2222 § 5.1)".

I have added the following comment in the source code:

;; We used to send an empty initial request, and wait for an
;; empty response, and then send the password, but this
;; violates a SHOULD in RFC 2222 paragraph 5.1. Note that this
;; is not sent if the server did not advertise AUTH PLAIN in
;; the EHLO response. See RFC 2554 for more info.

Thanks!
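
The behaviour discussed in this thread, as an added example that is not part of the original message and is not code from smtpmail.el: it parses an EHLO reply, and builds the one-line "AUTH PLAIN" command with the credentials as the initial response only when the server advertised PLAIN. The `my-smtp-` function names, the sample replies and the user name and password are constructed for illustration.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example. Everything prefixed `my-smtp-' is hypothetical and
;; is not part of smtpmail.el.

(defun my-smtp-auth-mechanisms (ehlo-response)
  "Return the list of SASL mechanisms advertised in EHLO-RESPONSE.
EHLO-RESPONSE is the full multi-line 250 reply as one string."
  (let (mechs)
    (dolist (line (split-string ehlo-response "\r?\n" t))
      ;; Reply lines look like "250-AUTH PLAIN LOGIN" or "250 AUTH ...".
      ;; Some older servers write "AUTH=" instead of "AUTH ".
      (when (string-match "\\`250[- ]AUTH[ =]\\(.*\\)\\'" line)
        (dolist (m (split-string (match-string 1 line) "[ \t]+" t))
          (push (upcase m) mechs))))
    (delete-dups (nreverse mechs))))

(defun my-smtp-auth-plain-command (ehlo-response user password)
  "Return the single-line AUTH PLAIN command for USER and PASSWORD.
Return nil when EHLO-RESPONSE does not advertise PLAIN, so that no
credentials are sent to a server that did not offer the mechanism."
  (when (member "PLAIN" (my-smtp-auth-mechanisms ehlo-response))
    ;; PLAIN message: authzid NUL authcid NUL passwd, empty authzid here.
    ;; Encode to UTF-8 first: `base64-encode-string' needs unibyte input.
    (let ((msg (encode-coding-string
                (concat "\0" user "\0" password) 'utf-8)))
      ;; NO-LINE-BREAK is t so the whole command stays on one line.
      (concat "AUTH PLAIN " (base64-encode-string msg t) "\r\n"))))

;; Constructed sample replies (not captured from a real server).
(defconst my-smtp-sample-with-plain
  (concat "250-mail.example.org\r\n250-SIZE 10240000\r\n"
          "250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n"))
(defconst my-smtp-sample-without-plain
  "250-mail.example.org\r\n250-AUTH CRAM-MD5\r\n250 8BITMIME\r\n")

;; Evaluate these to compare the two cases: a command string for the
;; first reply, nil for the second.
(my-smtp-auth-plain-command my-smtp-sample-with-plain "user" "secret")
(my-smtp-auth-plain-command my-smtp-sample-without-plain "user" "secret")
```

The base64 payload is an encoding, not encryption, so the credentials are readable on the wire unless the session is protected by TLS.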