emacs-devel

Re: Rationale for this change?


From: Simon Josefsson
Subject: Re: Rationale for this change?
Date: Tue, 10 Jan 2006 15:05:46 +0100
User-agent: Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux)

David Kastrup <address@hidden> writes:

> Simon Josefsson <address@hidden> writes:
>
>> David Kastrup <address@hidden> writes:
>>
>>> 2005-12-05  Ralf Angeli  <address@hidden>
>>>
>>>     * mail/smtpmail.el (smtpmail-try-auth-methods):
>>>     Send credentials together with "AUTH PLAIN" command.
>>>
>>> Could you shed any light on what problem this change is intended to
>>> fix?
>>
>> The AUTH PLAIN command is not sent if the server did not advertise
>> support for AUTH PLAIN.  See RFC 2554.  The earlier behavior violated
>> a SHOULD in RFC 2222 § 5.1.
>>
>> So security-wise, it is not worse than before.
>
> Ah, ok.  I think rationales like that should be mentioned in the
> ChangeLog.  Even if just as "(RFC 2222 § 5.1)".

I have added the following comment in the source code:

        ;; We used to send an empty initial request, and wait for an
        ;; empty response, and then send the password, but this
        ;; violated a SHOULD in RFC 2222 paragraph 5.1.  Note that this
        ;; is not sent if the server did not advertise AUTH PLAIN in
        ;; the EHLO response.  See RFC 2554 for more info.

Thanks!
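
The behaviour discussed in this thread, as an added example that is not part of the original message or of smtpmail.el: Python code that sends credentials together with the "AUTH PLAIN" command only when the EHLO response advertised PLAIN. The function names and the sample EHLO reply are assumptions constructed for illustration; the PLAIN message layout used is authzid NUL authcid NUL passwd, base64-encoded.

```python
import base64

# Constructed sample EHLO reply (not captured from a real server).
SAMPLE_EHLO = (
    "250-mail.example.org Hello client.example.org\r\n"
    "250-SIZE 52428800\r\n"
    "250-AUTH LOGIN PLAIN CRAM-MD5\r\n"
    "250 HELP\r\n"
)


def advertised_auth_mechanisms(ehlo_reply):
    """Return the SASL mechanisms listed on AUTH lines of an EHLO reply."""
    mechanisms = set()
    # The first reply line is the server greeting, not an extension keyword.
    for line in ehlo_reply.splitlines()[1:]:
        # Extension lines look like "250-KEYWORD params" or "250 KEYWORD params".
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            continue
        words = line[4:].split()
        if words and words[0].upper() == "AUTH":
            mechanisms.update(word.upper() for word in words[1:])
    return mechanisms


def plain_initial_response(user, password, authzid=""):
    """Base64 of authzid NUL authcid NUL passwd (the PLAIN message)."""
    for field in (authzid, user, password):
        if "\x00" in field:
            raise ValueError("NUL is not allowed inside a PLAIN field")
    raw = "\0".join((authzid, user, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def auth_plain_command(ehlo_reply, user, password):
    """Return the single 'AUTH PLAIN <initial-response>' line, or None.

    None means the server did not advertise PLAIN, so no credentials are sent.
    """
    if "PLAIN" not in advertised_auth_mechanisms(ehlo_reply):
        return None
    return "AUTH PLAIN " + plain_initial_response(user, password) + "\r\n"
```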



