Re: Some security-related suggestions
Michael D'Errico <Mike@software.com> Fri, 10 June 1994 13:47 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa02298; 10 Jun 94 9:47 EDT
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id ar02171; 10 Jun 94 9:47 EDT
Received: from PO5.ANDREW.CMU.EDU by CNRI.Reston.VA.US id aa01399; 10 Jun 94 3:53 EDT
Received: (from postman@localhost) by po5.andrew.cmu.edu (8.6.7/8.6.6) id DAA17075; Fri, 10 Jun 1994 03:47:31 -0400
Received: via switchmail for ietf-pop3+@andrew.cmu.edu; Fri, 10 Jun 1994 03:47:30 -0400 (EDT)
Received: from po3.andrew.cmu.edu via qmail ID </afs/andrew.cmu.edu/service/mailqs/q000/QF.Uhy1XCq00UdbB5XE5d>; Fri, 10 Jun 1994 03:39:59 -0400 (EDT)
Received: from rome.software.com (rome.software.com [198.17.234.2]) by po3.andrew.cmu.edu (8.6.7/8.6.6) with ESMTP id DAA17800 for <ietf-pop3+@andrew.cmu.edu>; Fri, 10 Jun 1994 03:39:53 -0400
Received: from rome (rome.software.com [127.0.0.1]) by rome.software.com with ESMTP id AAA634 for <ietf-pop3+@andrew.cmu.edu>; Fri, 10 Jun 1994 00:34:29 -0700
To: POP3 IETF Mailing List <ietf-pop3+@andrew.cmu.edu>
Subject: Re: Some security-related suggestions
Date: Fri, 10 Jun 1994 00:34:28 -0700
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Michael D'Errico <Mike@software.com>
Message-ID: <19940610083429.AAA634@rome.software.com>
>Mike@Software.com (Michael D'Errico) writes: >> All of my mail goes out as "mike" but I can set up a POP account for >> me as "2Yhd%0_" if I want.... > >Or you could alternately leave your account as "mike" and require your >password to start with "2Yhd%0_", with no increase in security risk. >Two reusable passwords are no better than one twice as long. Well the reason for this is that users generally pick easily guessable passwords, so if you pick an obscure user name for them, you have in- creased the security of their account. Of course there is no security if people can sniff your local network though. >If people want text like that given by Steve Dorner in the Security >Considerations section, fine. I do, however, object to prohibiting >servers from issuing useful error messages on the USER command. My only intention in posting the original message was to have a section on Security Considerations that said anything other than "Security issues are not discussed in this memo." The text proposed by Steve, along with that in mrose-again (about APOP), does exactly that. Michael D'Errico mike@software.com
- Some security-related suggestions Michael D'Errico
- Re: Some security-related suggestions John Gardiner Myers
- Re: Some security-related suggestions Ned Freed
- Re: Some security-related suggestions John Gardiner Myers
- Re: Some security-related suggestions Michael D'Errico
- Re: Some security-related suggestions Steve Dorner
- Re: Some security-related suggestions Michael D'Errico
- Re: Some security-related suggestions Ned Freed
- Re: Some security-related suggestions John Gardiner Myers
- Re: Some security-related suggestions Michael D'Errico
- Re: Some security-related suggestions Steve Dorner