On Tue, 22 Jul 2008, Keith Moore wrote:
yet another configuration knob to twiddle for an interface (MUA to message
store) that's already notoriously hard for users to get right.
heck, we still have WAY too many people using POP or IMAP with cleartext
passwords, mostly because that's the configuration that "works" with all
clients and servers, and partially because there's no uniform language to
describe the other configurations. (does "use secure authentication" mean
APOP, or POP+SSL over a reserved port, or POP with the STARTTLS command?)
Usually none of the above :-) i.e. Microsoft proprietary authentication.
Of course MUAs should just use the protocol's negotiation features to
auto-configure the most secure settings possible. I get so annoyed that
they don't.
Tony.
--
f.anthony.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
GERMAN BIGHT: VARIABLE 3, BECOMING EAST 4 OR 5 LATER. SLIGHT OR MODERATE. FOG
PATCHES. GOOD, OCCASIONALLY VERY POOR.