From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: David Kastrup Newsgroups: gmane.emacs.devel Subject: Re: POP3 password in plaintext? Date: Wed, 01 Oct 2014 15:15:19 +0200 Message-ID: <878ul0hqxk.fsf@fencepost.gnu.org> References: <878ul1x4kw.fsf@uwakimon.sk.tsukuba.ac.jp> <87ppecv3pj.fsf@uwakimon.sk.tsukuba.ac.jp> <87sij8ical.fsf@fencepost.gnu.org> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1412169360 9769 80.91.229.3 (1 Oct 2014 13:16:00 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Wed, 1 Oct 2014 13:16:00 +0000 (UTC) Cc: emacs-devel@gnu.org To: Richard Stallman Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Wed Oct 01 15:15:51 2014 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1XZJl1-0007wn-DM for ged-emacs-devel@m.gmane.org; Wed, 01 Oct 2014 15:15:51 +0200 Original-Received: from localhost ([::1]:55394 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XZJl0-00008L-Qu for ged-emacs-devel@m.gmane.org; Wed, 01 Oct 2014 09:15:50 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:33279) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XZJke-00007C-Lk for emacs-devel@gnu.org; Wed, 01 Oct 2014 09:15:35 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XZJkd-0007F9-0y for emacs-devel@gnu.org; Wed, 01 Oct 2014 09:15:28 -0400 Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:56993) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XZJkc-0007Ey-Tr for emacs-devel@gnu.org; Wed, 01 Oct 2014 09:15:26 -0400 Original-Received: from localhost ([127.0.0.1]:35935 helo=lola) by fencepost.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XZJkW-0005Se-9T; Wed, 01 Oct 2014 09:15:20 -0400 Original-Received: by lola (Postfix, from userid 1000) id E2C73E082E; Wed, 1 Oct 2014 15:15:19 +0200 (CEST) In-Reply-To: (Richard Stallman's message of "Wed, 01 Oct 2014 08:54:03 -0400") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4.50 (gnu/linux) X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::e X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:174904 Archived-At: Richard Stallman writes: > [[[ To any NSA and FBI agents reading my email: please consider ]]] > [[[ whether defending the US Constitution against all enemies, ]]] > [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > > Transparent STARTTLS on demand would seem useless against > man-in-the-middle attacks. It's just good against eavesdropping on > unintercepted traffic. And you don't even need to be true > man-in-the-middle: you just need to be faster answering the STARTTLS > negotiation. > > Are other protocols for fetching mail better > in security? > > David Caldwell wrote: > > Modern POP/IMAP clients tend to have a checkbox or a setting to require > SSL/TLS when connecting. If the protocol doesn't start TLS (and isn't > connected to an SSL port) then it is considered a connection error. This > setting is configured up-front, at the same time that the user > configures the server name and port. In this day and age it might make > sense to have such a checkbox default to "on". > > That makes sense -- if STARTTLS in POP3 is fundamentally adequate. > But if Kastrup is right, that isn't so. My bet is on Kastrup not being right. But I'd be interested to know why. -- David Kastrup