Re: RFC 5321bis / 2821ter

2009-01-23 08:20:34

Matti Aarnio writes:
Yes, this is a fundamental problem in the "never do plaintext authentication" approach of the current generation of specifications. Only in some far away hidden footnotes are things like plain-text login...

... which is still practical and safe, when it happens under STARTTLS.

(Surprising how many "low capability" systems are able to do TLS, but not SASL..)

Those that do STARTTLS also do EHLO, not HELO, so they're ok anyway.


