[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Rationale for this change?
From: |
Ralf Angeli |
Subject: |
Re: Rationale for this change? |
Date: |
Thu, 29 Dec 2005 10:55:37 +0100 |
User-agent: |
Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux) |
[Sorry if this shows up twice but the first message sent yesterday
doesn't seem to have reached the list.]
* David Kastrup (2005-12-28) writes:
> 2005-12-05 Ralf Angeli <address@hidden>
>
> * mail/smtpmail.el (smtpmail-try-auth-methods):
> Send credentials together with "AUTH PLAIN" command.
>
> I have not seen this discussed on the list, and it feels to me that
> this defeats system administrators who disable "AUTH PLAIN" because
> they consider the access path to the mail server under their
> administration unsafe for plain text transfers. While the
> authentication is refused, the authentication data itself is still
> sent through the network after this change, making the refusal of
> "AUTH PLAIN" ineffective for avoiding ill consequences of snoopable
> connections.
As far as I can see sending an "AUTH PLAIN" string is only tried by
smtpmail.el if the server advertises it as being supported.
> Could you shed any light on what problem this change is intended to
> fix?
See my message to emacs-pretest-bug from 2005-12-05 with the subject
"smtpmail.el: PLAIN authentication fails". Or on the web:
<URL:http://mid.gmane.org/address@hidden>
--
Ralf