[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Nmh-workers] modernizing smtp message submission
From: |
David Levine |
Subject: |
Re: [Nmh-workers] modernizing smtp message submission |
Date: |
Wed, 09 Jul 2014 23:32:33 -0400 |
Ken wrote:
> PLAIN is not; it sends the password in the clear (well, it's base64
> encoded for SMTP and you're only supposed to use it over an
> encrypted channel, but you get the idea). If you do that with an
> untrusted server, boom, there goes your password. Maybe that's not
> a valid concern, but I'd rather require the user to configure that.
The proposal is to only use PLAIN with encryption:
i) if TLS is in play, use internal PLAIN if the server supports it, else
ii) fail
David
- Re: [Nmh-workers] modernizing smtp message submission, (continued)
Re: [Nmh-workers] modernizing smtp message submission, David Levine, 2014/07/07
Re: [Nmh-workers] modernizing smtp message submission, bergman, 2014/07/08
Re: [Nmh-workers] modernizing smtp message submission, David Levine, 2014/07/08
Re: [Nmh-workers] modernizing smtp message submission, David Levine, 2014/07/08
Re: [Nmh-workers] modernizing smtp message submission, Bob Carragher, 2014/07/09
Re: [Nmh-workers] modernizing smtp message submission, David Levine, 2014/07/09
Re: [Nmh-workers] modernizing smtp message submission,
David Levine <=