Re: Some security-related suggestions

Michael D'Errico <Mike@software.com> Thu, 09 June 1994 00:28 UTC

To: ietf-pop3+@andrew.cmu.edu
Subject: Re: Some security-related suggestions
In-reply-to: Your message of "Wed, 08 Jun 1994 18:18:04 CDT." <aa1bfee60502101648a5@[192.17.5.3]>
Date: Wed, 08 Jun 1994 17:21:17 -0700
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Michael D'Errico <Mike@software.com>
Message-ID: <19940609012118.AAA9717@rome.software.com>

sdorner@qualcomm.com (Steve Dorner) wrote:
>
>  SECURITY CONSIDERATIONS:
>
>  Servers that answer -ERR to USER commands with invalid usernames
>  are giving clues about valid usernames to hackers.
>
>  Use of the PASS command sends passwords in the clear over the network.
>
>  Use of the RETR command sends mail in the clear over the network.

Looks great.  You should probably add the TOP command to the last point though.
And some people might be offended by the word "hacker" in this context....

Michael D'Errico
mike@software.com
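
Added example, not part of the original message or of any POP3 server's code: a minimal USER/PASS handler showing the first quoted point, with the revealing behaviour (-ERR to USER for an unknown name) beside a variant that always accepts USER and fails only at PASS. The account store, class and function names, and the response text after +OK/-ERR are assumptions made for illustration.

```python
import hmac

# Constructed sample account store (not from the original message).
ACCOUNTS = {"alice": "correct horse"}


class Pop3Auth:
    """Handles only USER and PASS in the POP3 AUTHORIZATION state."""

    def __init__(self, accounts, reveal_unknown_user):
        self.accounts = accounts
        # True reproduces the behaviour the quoted note warns about.
        self.reveal_unknown_user = reveal_unknown_user
        self.pending_user = None

    def handle(self, line):
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "USER":
            if self.reveal_unknown_user and arg not in self.accounts:
                self.pending_user = None
                return "-ERR no such mailbox"  # tells the client the name is invalid
            self.pending_user = arg  # accepted without any lookup result being shown
            return "+OK send PASS"
        if verb == "PASS":
            user, self.pending_user = self.pending_user, None
            if user is None:
                return "-ERR USER first"
            expected = self.accounts.get(user)
            # Compare even when the user is unknown so both failures take the same path.
            same = hmac.compare_digest((expected or "").encode(), arg.encode())
            if same and expected is not None:
                return "+OK maildrop ready"
            return "-ERR authentication failed"
        return "-ERR unknown command"


def transcript(reveal_unknown_user, user, password):
    """Return the server's replies to one USER/PASS attempt."""
    session = Pop3Auth(ACCOUNTS, reveal_unknown_user)
    return [session.handle(f"USER {user}"), session.handle(f"PASS {password}")]


if __name__ == "__main__":
    for reveal in (True, False):
        for name in ("alice", "mallory"):
            print(reveal, name, transcript(reveal, name, "wrong"))
```

With reveal_unknown_user set to False, a valid and an invalid username produce identical replies for a wrong password. The PASS and RETR points in the quoted text are unaffected by this change, since both still cross the network in the clear.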