This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author loewis
Recipients barry, jesstess, loewis, pitrou, r.david.murray, zvyn
Date 2014-07-17.18:09:14
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1405620554.41.0.735109585572.issue21935@psf.upfronthosting.co.za>
In-reply-to
Content
Milan: Your interpretation of the MUST requirement is correct.

However, we still cannot support the SHOULD NOT requirement: A server operator SHOULD NOT accept unencrypted passwords. RFC 2119 explains

   This phrase, or the phrase "NOT RECOMMENDED" mean that
   there may exist valid reasons in particular circumstances when the
   particular behavior is acceptable or even useful, but the full
   implications should be understood and the case carefully weighed
   before implementing any behavior described with this label.

I cannot see any particular circumstances where unencrypted passwords for smtpd would be acceptable, given that there are perfectly established technologies. So I remain -1 on this patch.

A (not recommended) STARTTLS alternative is SMTPS (port 465). I would be -0 if there was an SMTPS implementation in smtpd, and the documentation would discuss that AUTH is best used with SMTPS until STARTTLS is implemented.

I don't understand why STARTTLS would require asyncio. Wouldn't wrap_socket solve the problem?
History
Date User Action Args
2014-07-17 18:09:14loewissetrecipients: + loewis, barry, pitrou, r.david.murray, jesstess, zvyn
2014-07-17 18:09:14loewissetmessageid: <1405620554.41.0.735109585572.issue21935@psf.upfronthosting.co.za>
2014-07-17 18:09:14loewislinkissue21935 messages
2014-07-17 18:09:14loewiscreate