Re: POP3 password in plaintext?

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: POP3 password in plaintext?

From:	Lars Magne Ingebrigtsen
Subject:	Re: POP3 password in plaintext?
Date:	Tue, 30 Sep 2014 16:17:50 +0200
User-agent:	Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.50 (gnu/linux)

Richard Stallman <address@hidden> writes:

> http://www.theguardian.com/technology/2014/sep/29/londoners-wi-fi-security-herod-clause
>
> says that POP3 passwords are sometimes transmitted in plain text.
>
> Is plaintext transmission of passwords inherent in POP3
> or is it optional?

Modern pop3 servers support STARTTLS, and Emacs will upgrade to a TLS
connection whenever the server supports it.  (If you have an Emacs
compiled with gnutls support, but I would guess that almost all Emacs
instances has that.)

Virtually all the Emacs network transports that I know of will upgrade
to TLS opportunistically, if the servers allow it, so Emacs should send
no passwords unencrypted.

The only exceptions are HTTP and IRC, unless the latter has been fixed
lately.  And there are hopefully nobody who does a login that matters
over HTTP.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

[Prev in Thread]

Current Thread

[Next in Thread]

POP3 password in plaintext?, Richard Stallman, 2014/09/29
- POP3 password in plaintext?, Stephen J. Turnbull, 2014/09/29
  - Re: POP3 password in plaintext?, Ted Zlatanov, 2014/09/30
  - Re: POP3 password in plaintext?, Richard Stallman, 2014/09/30
- Re: POP3 password in plaintext?, Lars Magne Ingebrigtsen <=
  - Re: POP3 password in plaintext?, Richard Stallman, 2014/09/30

Prev by Date: Re: Version naming
Next by Date: Re: Error compiling rmailmm.el
Previous by thread: Re: POP3 password in plaintext?
Next by thread: Re: POP3 password in plaintext?
Index(es):
- Date
- Thread