nmh-workers
[Top] [All Lists]

Re: [Nmh-workers] modernizing smtp message submission

2014-07-09 22:45:37
The proposal is to only use PLAIN with encryption:

 i) if TLS is in play, use internal PLAIN if the server supports it, else
 ii) fail

Right, but TLS doesn't guarantee you're talking to the right server
(unless you do certificate verification, and we don't AFAIK); it only
guarantees the channel is encrypted; I believe with the current setup
Maybe this isn't a practical concern, since I don't think many other
people care.  It occurs to me that I should set SASL_SEC_NOPLAINTEXT
when TLS is not in use.

--Ken

_______________________________________________
Nmh-workers mailing list
Nmh-workers@nongnu.org
https://lists.nongnu.org/mailman/listinfo/nmh-workers

<Prev in Thread] Current Thread [Next in Thread>