Re: POP3 password in plaintext?

[Ted Zlatanov]

On Thu, 02 Oct 2014 10:58:10 +0900 "Stephen J. Turnbull" <address@hidden> 
wrote: 

SJT> Ted Zlatanov writes:
>> I think you mean `open-network-stream'?

SJT> No, I really do mean "password-read".  Mostly because not all
SJT> protocols demand authentication immediately on opening a stream.  Eg,
SJT> many sites can be accessed with HTTP, will switch to HTTPS without
SJT> authentication of the client, then present an HTML document for
SJT> login.

Clearly that's not possible, because the read password can be used at
any point by the Lisp code; it's just data from that point on. Do you
mean we should be able to send a password directly to a network or
process stream at the C level? That makes a lot of sense to me and
connects to the idea of "secret" data in the Emacs core.

SJT> I think the self-signed cert manager should default to one-time-only
SJT> or a short local expiration (1 hour? 1 day?) even if the cert is
SJT> long-lived.  Self-signature means that the server doesn't care to
SJT> devote much financial resources to security (which may be correlated
SJT> with carelessness concerning other security resources), and it's quite
SJT> possible that some of those will be evil sites, recognized as such by
SJT> user intuition, and I'd prefer to be warned about them on a second
SJT> approach.

That should be a user choice so yes it sounds reasonable, but no I don't
think it should be the default.

Ted