[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Rationale for this change?
From: |
Bill Wohler |
Subject: |
Re: Rationale for this change? |
Date: |
Wed, 28 Dec 2005 23:45:38 -0800 |
User-agent: |
Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux) |
David Kastrup <address@hidden> writes:
> Simon Josefsson <address@hidden> writes:
>
>> David Kastrup <address@hidden> writes:
>>
>>> 2005-12-05 Ralf Angeli <address@hidden>
>>>
>>> * mail/smtpmail.el (smtpmail-try-auth-methods):
>>> Send credentials together with "AUTH PLAIN" command.
>>>
>>> Could you shed any light on what problem this change is intended to
>>> fix?
>>
>> The AUTH PLAIN command is not sent if the server did not advertise
>> support for AUTH PLAIN. See RFC 2554. The earlier behavior violated
>> a SHOULD in RFC 2222 § 5.1.
>>
>> So security-wise, it is not worse than before.
>
> Ah, ok. I think rationales like that should be mentioned in the
> ChangeLog. Even if just as "(RFC 2222 § 5.1)".
Agreed.
--
Bill Wohler <address@hidden> http://www.newt.com/wohler/ GnuPG ID:610BD9AD
Maintainer of comp.mail.mh FAQ and MH-E. Vote Libertarian!
If you're passed on the right, you're in the wrong lane.