Some security-related suggestions
Michael D'Errico <Mike@software.com> Wed, 08 June 1994 19:12 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa05466; 8 Jun 94 15:12 EDT
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa05462; 8 Jun 94 15:12 EDT
Received: from PO2.ANDREW.CMU.EDU by CNRI.Reston.VA.US id aa12322; 8 Jun 94 15:12 EDT
Received: (from postman@localhost) by po2.andrew.cmu.edu (8.6.7/8.6.6) id OAA15747; Wed, 8 Jun 1994 14:41:45 -0400
Received: via switchmail for ietf-pop3+@andrew.cmu.edu; Wed, 8 Jun 1994 14:41:44 -0400 (EDT)
Received: from po3.andrew.cmu.edu via qmail ID </afs/andrew.cmu.edu/service/mailqs/q003/QF.shxV2JO00UdbJOTU5g>; Wed, 8 Jun 1994 14:40:22 -0400 (EDT)
Received: from rome.software.com (rome.software.com [198.17.234.2]) by po3.andrew.cmu.edu (8.6.7/8.6.6) with ESMTP id OAA23161 for <ietf-pop3@andrew.cmu.edu>; Wed, 8 Jun 1994 14:40:14 -0400
Received: from rome (rome.software.com [198.17.234.2]) by rome.software.com with SMTP id AAA7594 for <ietf-pop3@andrew.cmu.edu>; Wed, 8 Jun 1994 11:40:10 -0700
Date: Wed, 08 Jun 1994 11:40:09 -0700
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Michael D'Errico <Mike@software.com>
Subject: Some security-related suggestions
To: ietf-pop3@andrew.cmu.edu
Message-ID: <Pine.3.89.9406081146.A7513-0100000@rome>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Although in the past the POP3 spec. has not discussed security issues, I think it would be a good idea to add a few: - The POP3 server should always return +OK to the USER command, even if the user is not recognized. - The POP3 server should limit the number of unsuccessful login attempts allowed before closing a connection. - After a failed authentication attempt, either via USER/PASS or APOP, the POP3 server should pause for a few seconds. These precautions make it much more difficult for someone to guess other user's passwords. Michael D'Errico mike@software.com
- Some security-related suggestions Michael D'Errico
- Re: Some security-related suggestions John Gardiner Myers
- Re: Some security-related suggestions Ned Freed
- Re: Some security-related suggestions John Gardiner Myers
- Re: Some security-related suggestions Michael D'Errico
- Re: Some security-related suggestions Steve Dorner
- Re: Some security-related suggestions Michael D'Errico
- Re: Some security-related suggestions Ned Freed
- Re: Some security-related suggestions John Gardiner Myers
- Re: Some security-related suggestions Michael D'Errico
- Re: Some security-related suggestions Steve Dorner