[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: POP3 password in plaintext?
From: |
Ted Zlatanov |
Subject: |
Re: POP3 password in plaintext? |
Date: |
Wed, 01 Oct 2014 09:22:53 -0400 |
User-agent: |
Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.50 (darwin) |
On Wed, 01 Oct 2014 13:00:56 +0900 "Stephen J. Turnbull" <address@hidden>
wrote:
SJT> It's not clear to me that there's a good way to do it. Perhaps having
SJT> the `password-read' function (and any other functions that are used to
SJT> read passwords) check for unencrypted connections and warn the user
SJT> would work.
I think you mean `open-network-stream'?
On Tue, 30 Sep 2014 22:42:50 -0700 David Caldwell <address@hidden> wrote:
DC> Modern POP/IMAP clients tend to have a checkbox or a setting to require
DC> SSL/TLS when connecting. If the protocol doesn't start TLS (and isn't
DC> connected to an SSL port) then it is considered a connection error. This
DC> setting is configured up-front, at the same time that the user
DC> configures the server name and port. In this day and age it might make
DC> sense to have such a checkbox default to "on".
I agree for most protocols, now that almost all our platforms support
GnuTLS. I think it would also help to have a certificate manager UI,
especially for self-signed certificates. I'd like to work on it after
the impending release.
Ted