[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] modernizing smtp message submission

From: Ken Hornstein
Subject: Re: [Nmh-workers] modernizing smtp message submission
Date: Wed, 09 Jul 2014 23:45:06 -0400

>The proposal is to only use PLAIN with encryption:
>  i) if TLS is in play, use internal PLAIN if the server supports it, else
>  ii) fail

Right, but TLS doesn't guarantee you're talking to the right server
(unless you do certificate verification, and we don't AFAIK); it only
guarantees the channel is encrypted; I believe with the current setup
Maybe this isn't a practical concern, since I don't think many other
people care.  It occurs to me that I should set SASL_SEC_NOPLAINTEXT
when TLS is not in use.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]