emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Rationale for this change?

From: Ralf Angeli
Subject: Re: Rationale for this change?
Date: Thu, 29 Dec 2005 10:55:37 +0100
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux) 
[Sorry if this shows up twice but the first message sent yesterday
doesn't seem to have reached the list.]

* David Kastrup (2005-12-28) writes:

> 2005-12-05  Ralf Angeli  <address@hidden>
>
>       * mail/smtpmail.el (smtpmail-try-auth-methods):
>       Send credentials together with "AUTH PLAIN" command.
>
> I have not seen this discussed on the list, and it feels to me that
> this defeats system administrators who disable "AUTH PLAIN" because
> they consider the access path to the mail server under their
> administration unsafe for plain text transfers.  While the
> authentication is refused, the authentication data itself is still
> sent through the network after this change, making the refusal of
> "AUTH PLAIN" ineffective for avoiding ill consequences of snoopable
> connections.

As far as I can see sending an "AUTH PLAIN" string is only tried by
smtpmail.el if the server advertises it as being supported.

> Could you shed any light on what problem this change is intended to
> fix?

See my message to emacs-pretest-bug from 2005-12-05 with the subject
"smtpmail.el: PLAIN authentication fails".  Or on the web:
<URL:http://mid.gmane.org/address@hidden>

-- 
Ralf
reply via email to
[Prev in Thread] Current Thread [Next in Thread]