[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: POP3 password in plaintext?

From: Ted Zlatanov
Subject: Re: POP3 password in plaintext?
Date: Wed, 01 Oct 2014 09:22:53 -0400
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.50 (darwin)

On Wed, 01 Oct 2014 13:00:56 +0900 "Stephen J. Turnbull" <address@hidden> 

SJT> It's not clear to me that there's a good way to do it.  Perhaps having
SJT> the `password-read' function (and any other functions that are used to
SJT> read passwords) check for unencrypted connections and warn the user
SJT> would work.

I think you mean `open-network-stream'?

On Tue, 30 Sep 2014 22:42:50 -0700 David Caldwell <address@hidden> wrote: 

DC> Modern POP/IMAP clients tend to have a checkbox or a setting to require
DC> SSL/TLS when connecting. If the protocol doesn't start TLS (and isn't
DC> connected to an SSL port) then it is considered a connection error. This
DC> setting is configured up-front, at the same time that the user
DC> configures the server name and port. In this day and age it might make
DC> sense to have such a checkbox default to "on".

I agree for most protocols, now that almost all our platforms support
GnuTLS. I think it would also help to have a certificate manager UI,
especially for self-signed certificates. I'd like to work on it after
the impending release.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]