Re: [yam] [Imap-protocol] Re: draft-daboo-srv-email: POP3S/IMAPS?
Tony Finch <dot@dotat.at> Mon, 18 January 2010 15:04 UTC
Return-Path: <fanf2@hermes.cam.ac.uk>
X-Original-To: yam@core3.amsl.com
Delivered-To: yam@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1EB1D3A6837 for <yam@core3.amsl.com>; Mon, 18 Jan 2010 07:04:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uN71xu+7-bP8 for <yam@core3.amsl.com>; Mon, 18 Jan 2010 07:04:05 -0800 (PST)
Received: from ppsw-1.csi.cam.ac.uk (ppsw-1.csi.cam.ac.uk [131.111.8.131]) by core3.amsl.com (Postfix) with ESMTP id D5FC03A67E3 for <yam@ietf.org>; Mon, 18 Jan 2010 07:04:04 -0800 (PST)
X-Cam-AntiVirus: no malware found
X-Cam-SpamDetails: not scanned
X-Cam-ScannerInfo: http://www.cam.ac.uk/cs/email/scanner/
Received: from hermes-2.csi.cam.ac.uk ([131.111.8.54]:48373) by ppsw-1.csi.cam.ac.uk (smtp.hermes.cam.ac.uk [131.111.8.151]:25) with esmtpa (EXTERNAL:fanf2) id 1NWt96-0003Qd-3c (Exim 4.70) (return-path <fanf2@hermes.cam.ac.uk>); Mon, 18 Jan 2010 15:04:00 +0000
Received: from fanf2 (helo=localhost) by hermes-2.csi.cam.ac.uk (hermes.cam.ac.uk) with local-esmtp id 1NWt96-0008UK-3V (Exim 4.67) (return-path <fanf2@hermes.cam.ac.uk>); Mon, 18 Jan 2010 15:04:00 +0000
Date: Mon, 18 Jan 2010 15:04:00 +0000
From: Tony Finch <dot@dotat.at>
X-X-Sender: fanf2@hermes-2.csi.cam.ac.uk
To: Arnt Gulbrandsen <arnt@gulbrandsen.priv.no>
In-Reply-To: <1fQ38Id/bDvQxBfPPns2Vg.md5@lochnagar.gulbrandsen.priv.no>
Message-ID: <alpine.LSU.2.00.1001181458000.6274@hermes-2.csi.cam.ac.uk>
References: <9A584868-5961-4871-B32E-915394043727@sabahattin-gucukoglu.com> <01NIK8RBBRJK004042@mauve.mrochek.com> <NvmPpzLxQER/jAcfFP13kQ.md5@lochnagar.gulbrandsen.priv.no> <6081A14A-42E5-4139-A57D-6DF01EF86BA7@iki.fi> <TGqvOaec0Cbt2mg7bqct1w.md5@lochnagar.gulbrandsen.priv.no> <alpine.LSU.2.00.1001181332190.6203@hermes-2.csi.cam.ac.uk> <1fQ38Id/bDvQxBfPPns2Vg.md5@lochnagar.gulbrandsen.priv.no>
User-Agent: Alpine 2.00 (LSU 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: Tony Finch <fanf2@hermes.cam.ac.uk>
Cc: imap-protocol@u.washington.edu, yam@ietf.org
Subject: Re: [yam] [Imap-protocol] Re: draft-daboo-srv-email: POP3S/IMAPS?
X-BeenThere: yam@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Yet Another Mail working group discussion list <yam.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/yam>, <mailto:yam-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/yam>
List-Post: <mailto:yam@ietf.org>
List-Help: <mailto:yam-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/yam>, <mailto:yam-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Jan 2010 15:04:06 -0000
On Mon, 18 Jan 2010, Arnt Gulbrandsen wrote: > > Timo's mail made me think of a different approach: Immediately expire a > password if a server receives that password in clear text. Bang bang. (Let me > guess: The words "support spike" entered your mind now.) :-) One advantage of POP's separate USER and PASS commands relative to IMAP's unified LOGIN command or SASL PLAIN is that the server can reject the USER command on unencrypted connections and with any luck the client will give up without blurting out the password. At least in theory :-) In practice I'm not too worried about idiot client software revealing passwords because it'll only happen during the user's first attempts at configuration, so the exposure is pretty small. I might revise that opinion if a college decides to go all-wireless for network access in student bedrooms, and if against all past experience students start using MUAs en masse instead of webmail... Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS. MODERATE OR GOOD.
- [yam] draft-daboo-srv-email: POP3S/IMAPS? Sabahattin Gucukoglu
- Re: [yam] [Imap-protocol] draft-daboo-srv-email: … Arnt Gulbrandsen
- Re: [yam] draft-daboo-srv-email: POP3S/IMAPS? Ned Freed
- Re: [yam] [Imap-protocol] draft-daboo-srv-email: … Lyndon Nerenberg
- Re: [yam] draft-daboo-srv-email: POP3S/IMAPS? Sabahattin Gucukoglu
- Re: [yam] draft-daboo-srv-email: POP3S/IMAPS? Ned Freed
- Re: [yam] draft-daboo-srv-email: POP3S/IMAPS? Julien ÉLIE
- Re: [yam] [Imap-protocol] draft-daboo-srv-email: … Arnt Gulbrandsen
- Re: [yam] draft-daboo-srv-email: POP3S/IMAPS? Arnt Gulbrandsen
- Re: [yam] draft-daboo-srv-email: POP3S/IMAPS? Tony Finch
- Re: [yam] [Imap-protocol] Re: draft-daboo-srv-ema… Arnt Gulbrandsen
- Re: [yam] [Imap-protocol] Re: draft-daboo-srv-ema… Tony Finch
- Re: [yam] [Imap-protocol] Re: draft-daboo-srv-ema… Arnt Gulbrandsen
- Re: [yam] [Imap-protocol] Re: draft-daboo-srv-ema… Timo Sirainen
- Re: [yam] [Imap-protocol] Re: draft-daboo-srv-ema… Tony Finch
- Re: [yam] draft-daboo-srv-email: POP3S/IMAPS? Ned Freed
- Re: [yam] draft-daboo-srv-email: POP3S/IMAPS? Tony Finch
- Re: [yam] draft-daboo-srv-email: POP3S/IMAPS? Arnt Gulbrandsen
- Re: [yam] [Imap-protocol] Re: draft-daboo-srv-ema… Ned Freed
- Re: [yam] draft-daboo-srv-email: POP3S/IMAPS? Ned Freed
- Re: [yam] draft-daboo-srv-email: POP3S/IMAPS? Tony Finch
- Re: [yam] draft-daboo-srv-email: POP3S/IMAPS? Alfred Hönes
- Re: [yam] draft-daboo-srv-email: POP3S/IMAPS? Alexey Melnikov
- Re: [yam] draft-daboo-srv-email: POP3S/IMAPS? Ned Freed
- Re: [yam] draft-daboo-srv-email: POP3S/IMAPS? Ned Freed
- Re: [yam] draft-daboo-srv-email: POP3S/IMAPS? Arnt Gulbrandsen
- Re: [yam] draft-daboo-srv-email: POP3S/IMAPS? Lars Eggert
- Re: [yam] draft-daboo-srv-email: POP3S/IMAPS? Arnt Gulbrandsen
- Re: [yam] draft-daboo-srv-email: POP3S/IMAPS? Magnus Westerlund
- Re: [yam] draft-daboo-srv-email: POP3S/IMAPS? Lars Eggert
- Re: [yam] draft-daboo-srv-email: POP3S/IMAPS? Arnt Gulbrandsen
- Re: [yam] draft-daboo-srv-email: POP3S/IMAPS? Sabahattin Gucukoglu
- Re: [yam] draft-daboo-srv-email: POP3S/IMAPS? Joe Touch
- Re: [yam] draft-daboo-srv-email: POP3S/IMAPS? Joe Touch
- Re: [yam] draft-daboo-srv-email: POP3S/IMAPS? Lars Eggert