Some security-related suggestions

Michael D'Errico <Mike@software.com> Wed, 08 June 1994 19:12 UTC

Date: Wed, 08 Jun 1994 11:40:09 -0700
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Michael D'Errico <Mike@software.com>
Subject: Some security-related suggestions
To: ietf-pop3@andrew.cmu.edu
Message-ID: <Pine.3.89.9406081146.A7513-0100000@rome>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"

Although in the past the POP3 spec. has not discussed security
issues, I think it would be a good idea to add a few:

      - The POP3 server should always return +OK to
        the USER command, even if the user is not
        recognized.

      - The POP3 server should limit the number of
        unsuccessful login attempts allowed before
        closing a connection.

      - After a failed authentication attempt, either
        via USER/PASS or APOP, the POP3 server should
        pause for a few seconds.

These precautions make it much more difficult for someone to
guess other user's passwords.

Michael D'Errico
mike@software.com

Some security-related suggestions Michael D'Errico
Re: Some security-related suggestions John Gardiner Myers
Re: Some security-related suggestions Ned Freed
Re: Some security-related suggestions John Gardiner Myers
Re: Some security-related suggestions Michael D'Errico
Re: Some security-related suggestions Steve Dorner
Re: Some security-related suggestions Michael D'Errico
Re: Some security-related suggestions Ned Freed
Re: Some security-related suggestions John Gardiner Myers
Re: Some security-related suggestions Michael D'Errico
Re: Some security-related suggestions Steve Dorner