Message223352
| Author |
loewis |
| Recipients |
barry, jesstess, loewis, pitrou, r.david.murray, zvyn |
| Date |
2014年07月17日.18:09:14 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1405620554.41.0.735109585572.issue21935@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
Milan: Your interpretation of the MUST requirement is correct.
However, we still cannot support the SHOULD NOT requirement: A server operator SHOULD NOT accept unencrypted passwords. RFC 2119 explains
This phrase, or the phrase "NOT RECOMMENDED" mean that
there may exist valid reasons in particular circumstances when the
particular behavior is acceptable or even useful, but the full
implications should be understood and the case carefully weighed
before implementing any behavior described with this label.
I cannot see any particular circumstances where unencrypted passwords for smtpd would be acceptable, given that there are perfectly established technologies. So I remain -1 on this patch.
A (not recommended) STARTTLS alternative is SMTPS (port 465). I would be -0 if there was an SMTPS implementation in smtpd, and the documentation would discuss that AUTH is best used with SMTPS until STARTTLS is implemented.
I don't understand why STARTTLS would require asyncio. Wouldn't wrap_socket solve the problem? |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2014年07月17日 18:09:14 | loewis | set | recipients:
+ loewis, barry, pitrou, r.david.murray, jesstess, zvyn |
| 2014年07月17日 18:09:14 | loewis | set | messageid: <1405620554.41.0.735109585572.issue21935@psf.upfronthosting.co.za> |
| 2014年07月17日 18:09:14 | loewis | link | issue21935 messages |
| 2014年07月17日 18:09:14 | loewis | create |
|