Message223322
RFC 4954 states
Note: A server implementation MUST implement a configuration in which
it does NOT permit any plaintext password mechanisms, unless either
the STARTTLS [SMTP-TLS] command has been negotiated or some other
mechanism that protects the session from password snooping has been
provided. Server sites SHOULD NOT use any configuration which
permits a plaintext password mechanism without such a protection
mechanism against password snooping.
So I'm -1 on this patch, and also on the feature until STARTTLS is implemented (and then this patch needs to be updated to conform to this requirement). |
|
Date |
User |
Action |
Args |
2014-07-17 08:31:39 | loewis | set | recipients:
+ loewis, barry, pitrou, r.david.murray, jesstess, zvyn |
2014-07-17 08:31:39 | loewis | set | messageid: <1405585899.28.0.633222412516.issue21935@psf.upfronthosting.co.za> |
2014-07-17 08:31:39 | loewis | link | issue21935 messages |
2014-07-17 08:31:39 | loewis | create | |
|