Can anyone see any problems (which is to say, would it be accepted)
if I generated a patch that allowed specifying APOP as an
authentication? I wouldn't change the protocol option at all, so
nothing would change in that behavior.
The only behavioral changes would be:
protocol POP3 and auth APOP would work
and
protocol POP3 and auth ANY would try APOP (if it is supported)
immediately after trying CRAM-MD5
The reason is that I'm trying to automatically find the most secure
method to connect to someone's POP3 server, and it's currently not
possible to do that by using AUTH any, because on many servers it
will fall back to password even though it could have done APOP.
Comments?
--
Kee Hinckley
http://www.messagefire.com/ Anti-Spam Service for your POP Account
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.