RFC 4954 states:
Note: A server implementation MUST implement a configuration in which
it does NOT permit any plaintext password mechanisms, unless either
the STARTTLS [SMTP-TLS] command has been negotiated or some other
mechanism that protects the session from password snooping has been
provided. Server sites SHOULD NOT use any configuration which
permits a plaintext password mechanism without such a protection
mechanism against password snooping.
So I'm -1 on this patch, and also on the feature until STARTTLS is implemented (and then this patch needs to be updated to conform to this requirement).
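To make the RFC 4954 requirement concrete, here is an added example (not part of the comment above and not the project's code) of the server-side gating logic it calls for: plaintext password mechanisms (PLAIN, LOGIN) are neither advertised in the EHLO response nor accepted by AUTH until STARTTLS has been negotiated or the connection was TLS from the start. The hostname `example.test`, the mechanism sets, and the `SmtpSession` class are assumptions made for this example; the reply codes come from RFC 4954 section 6 (538 5.7.11, 504 5.5.4).

```python
"""Gate SMTP AUTH mechanisms on session protection, as RFC 4954 section 4 requires.

Example code written to illustrate the requirement; not a real server.
"""
from __future__ import annotations

from dataclasses import dataclass

# Mechanisms that send the password itself (or a trivially decodable form of it).
PLAINTEXT_MECHANISMS = frozenset({"PLAIN", "LOGIN"})

# Mechanisms whose exchange does not expose the password; constructed policy for
# this example, a real server would take this list from its configuration.
NON_PLAINTEXT_MECHANISMS = frozenset({"SCRAM-SHA-256"})


@dataclass
class SmtpSession:
    tls_active: bool = False    # STARTTLS has been negotiated on this connection
    implicit_tls: bool = False  # connection was TLS from the start (e.g. SMTPS)

    @property
    def protected(self) -> bool:
        """RFC 4954's 'some other mechanism that protects the session' is
        modelled here only as implicit TLS."""
        return self.tls_active or self.implicit_tls

    def offered_mechanisms(self) -> list[str]:
        """Mechanisms the server is willing to run right now."""
        mechs = sorted(NON_PLAINTEXT_MECHANISMS)
        if self.protected:
            mechs += sorted(PLAINTEXT_MECHANISMS)
        return mechs

    def ehlo_lines(self) -> list[str]:
        """EHLO reply; the AUTH line only lists what is permitted in this state."""
        lines = ["250-example.test"]  # constructed hostname
        if not self.protected:
            lines.append("250-STARTTLS")
        lines.append("250-AUTH " + " ".join(self.offered_mechanisms()))
        lines.append("250 8BITMIME")
        return lines

    def starttls(self) -> str:
        if self.protected:
            return "503 5.5.1 TLS already active"
        self.tls_active = True  # a real server wraps the socket after sending 220
        return "220 2.0.0 Ready to start TLS"

    def auth(self, mechanism: str) -> str:
        mech = mechanism.upper()
        if mech in PLAINTEXT_MECHANISMS and not self.protected:
            # Refuse rather than let the client reveal its password in the clear.
            return "538 5.7.11 Encryption required for requested authentication mechanism"
        if mech not in self.offered_mechanisms():
            return "504 5.5.4 Unrecognized authentication type"
        return "334 "  # empty challenge: continue the SASL exchange

    def handle(self, line: str) -> list[str]:
        """Minimal dispatcher for the three commands this example cares about."""
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            return self.ehlo_lines()
        if verb == "STARTTLS":
            return [self.starttls()]
        if verb == "AUTH":
            return [self.auth(arg.split()[0] if arg else "")]
        return ["502 5.5.1 Command not implemented"]


if __name__ == "__main__":
    # Constructed client transcript: PLAIN is refused until STARTTLS, then accepted.
    session = SmtpSession()
    for cmd in ["EHLO client.test", "AUTH PLAIN", "STARTTLS", "EHLO client.test", "AUTH PLAIN"]:
        print(f"C: {cmd}")
        for reply in session.handle(cmd):
            print(f"S: {reply}")
```

The point of the design is that the EHLO capability list and the AUTH handler consult the same `protected` state, so a client never sees a plaintext mechanism it cannot safely use, and a client that tries one anyway gets 538 before it has sent any credential.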