Re: Some security-related suggestions

John Gardiner Myers <jgm+@cmu.edu> Thu, 09 June 1994 02:09 UTC

Message-ID: <MhxbW_i00WBw810LYy@andrew.cmu.edu>
Date: Wed, 08 Jun 1994 22:03:54 -0400
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: John Gardiner Myers <jgm+@cmu.edu>
To: POP3 IETF Mailing List <ietf-pop3+@andrew.cmu.edu>
Subject: Re: Some security-related suggestions
In-Reply-To: <19940608225946.AAA8960@rome.software.com>
References: <19940608225946.AAA8960@rome.software.com>
Beak: is Not

Mike@Software.com (Michael D'Errico) writes:
> All of my mail goes out as "mike" but I can set up a POP account for
> me as "2Yhd%0_" if I want....

Or you could alternately leave your account as "mike" and require your
password to start with "2Yhd%0_", with no increase in security risk.
Two reusable passwords are no better than one twice as long.

If people want text like that given by Steve Dorner in the Security
Considerations section, fine.  I do, however, object to prohibiting
servers from issuing useful error messages on the USER command.

-- 
_.John G. Myers		Internet: jgm+@CMU.EDU
			LoseNet:  ...!seismo!ihnp4!wiscvm.wisc.edu!give!up

Some security-related suggestions Michael D'Errico
Re: Some security-related suggestions John Gardiner Myers
Re: Some security-related suggestions Ned Freed
Re: Some security-related suggestions John Gardiner Myers
Re: Some security-related suggestions Michael D'Errico
Re: Some security-related suggestions Steve Dorner
Re: Some security-related suggestions Michael D'Errico
Re: Some security-related suggestions Ned Freed
Re: Some security-related suggestions John Gardiner Myers
Re: Some security-related suggestions Michael D'Errico
Re: Some security-related suggestions Steve Dorner