[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: POP3 password in plaintext?

From: David Caldwell
Subject: Re: POP3 password in plaintext?
Date: Tue, 30 Sep 2014 22:42:50 -0700
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:33.0) Gecko/20100101 Thunderbird/33.0

On 9/30/14 9:00 PM, Stephen J. Turnbull wrote:

> I liked Ted's suggestion about providing modeline indicators.
> However, a lot of HCI research shows that users don't notice such
> indicators and often misinterpret them.  While Emacs users are
> generally more aware of such indicators and of their correct
> interpretation, I think something like the "novice" feature to provide
> an easily disabled "in your face" warning about unencrypted channels
> should be considered.

Modern POP/IMAP clients tend to have a checkbox or a setting to require
SSL/TLS when connecting. If the protocol doesn't start TLS (and isn't
connected to an SSL port) then it is considered a connection error. This
setting is configured up-front, at the same time that the user
configures the server name and port. In this day and age it might make
sense to have such a checkbox default to "on".


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]