[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Nmh-workers] modernizing smtp message submission
From: |
Ken Hornstein |
Subject: |
Re: [Nmh-workers] modernizing smtp message submission |
Date: |
Wed, 09 Jul 2014 23:45:06 -0400 |
>The proposal is to only use PLAIN with encryption:
>
> i) if TLS is in play, use internal PLAIN if the server supports it, else
> ii) fail
Right, but TLS doesn't guarantee you're talking to the right server
(unless you do certificate verification, and we don't AFAIK); it only
guarantees the channel is encrypted; I believe with the current setup
Maybe this isn't a practical concern, since I don't think many other
people care. It occurs to me that I should set SASL_SEC_NOPLAINTEXT
when TLS is not in use.
--Ken
- Re: [Nmh-workers] modernizing smtp message submission, (continued)
- Re: [Nmh-workers] modernizing smtp message submission, David Levine, 2014/07/07
- Re: [Nmh-workers] modernizing smtp message submission, bergman, 2014/07/08
- Re: [Nmh-workers] modernizing smtp message submission, David Levine, 2014/07/08
- Re: [Nmh-workers] modernizing smtp message submission, David Levine, 2014/07/08
- Re: [Nmh-workers] modernizing smtp message submission, Bob Carragher, 2014/07/09
- Re: [Nmh-workers] modernizing smtp message submission, David Levine, 2014/07/09
- Re: [Nmh-workers] modernizing smtp message submission, David Levine, 2014/07/09
- Re: [Nmh-workers] modernizing smtp message submission,
Ken Hornstein <=