[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] modernizing smtp message submission

From: David Levine
Subject: Re: [Nmh-workers] modernizing smtp message submission
Date: Wed, 09 Jul 2014 23:32:33 -0400

Ken wrote:

> PLAIN is not; it sends the password in the clear (well, it's base64
> encoded for SMTP and you're only supposed to use it over an
> encrypted channel, but you get the idea).  If you do that with an
> untrusted server, boom, there goes your password.  Maybe that's not
> a valid concern, but I'd rather require the user to configure that.

The proposal is to only use PLAIN with encryption:

  i) if TLS is in play, use internal PLAIN if the server supports it, else
  ii) fail


reply via email to

[Prev in Thread] Current Thread [Next in Thread]