nmh-workers
[Top] [All Lists]

Re: [Nmh-workers] modernizing smtp message submission

2014-07-09 22:32:59
Ken wrote:

PLAIN is not; it sends the password in the clear (well, it's base64
encoded for SMTP and you're only supposed to use it over an
encrypted channel, but you get the idea).  If you do that with an
untrusted server, boom, there goes your password.  Maybe that's not
a valid concern, but I'd rather require the user to configure that.

The proposal is to only use PLAIN with encryption:

  i) if TLS is in play, use internal PLAIN if the server supports it, else
  ii) fail

David

_______________________________________________
Nmh-workers mailing list
Nmh-workers@nongnu.org
https://lists.nongnu.org/mailman/listinfo/nmh-workers

<Prev in Thread] Current Thread [Next in Thread>