[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] cleaning out the cobwebs

From: Ken Hornstein
Subject: Re: [Nmh-workers] cleaning out the cobwebs
Date: Thu, 04 Nov 2010 15:04:24 -0400

>i strongly suggest that KPOP not be deprecated unless you can prove
>there are no sites using Kerberized POP. (Hint - i know the answer)

Let me speak up a bit regarding that.

If you want to do Kerberos authentication via POP, there are two ways:
a protocol which has generally been known as "KPOP", and RFC 5034.
Technically RFC 5034 spells out how to do SASL over POP, but that means
you get GSSAPI authentication, and for the purposes of this discussion
that means Kerberos.  So when you say "Kerberized POP", you could be
talking about two very different protocols.

Without going into the gory details ... KPOP is an ugly, ugly protocol.
The only reason it has stuck around as long as it has is because for
a long time it was the only way to get Kerberos authentication for

Fast forward a few years or ten ... and now we've got a more sane
protocol, and we have many programs that implement it (Thunderbird,
Apple Mail, and even Eudora).  nmh also implements it via the
Cyrus-SASL library; I wrote that code a while ago, and it also uses
Cyrus-SASL to implement SMTP AUTH support as well.

At this point ... I can see no reason to continue to support KPOP.  I'm
not even sure what servers still implement it, except maybe old versions
of Qpopper (maybe the newer versions still have that code in there,
but I suspect it doesn't get much love).

Now, I suspect that there MAY still be a few crazy people that still
run the KPOP protocol, but there is no reason for them to do so, unless
they are still supporting things like MacOS 9 and ancient versions of
Eudora.  Nowadays everything implements some variant of the SASL protocol
(at least things that support Kerberos in some form).

So my vote is to kill it in the spirit of garbage-collecting unused code.
Unless we can get some people to speak up and say that hey, we DO use
KPOP, and we can't really use the SASL protocol (for some weird reason).
If you're one of those people, then this is when you should chime in!


reply via email to

[Prev in Thread] Current Thread [Next in Thread]