all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* Rationale for this change?
@ 2005-12-28 19:47 David Kastrup
  2005-12-28 20:16 ` Ralf Angeli
                   ` (2 more replies)
  0 siblings, 3 replies; 10+ messages in thread
From: David Kastrup @ 2005-12-28 19:47 UTC (permalink / raw)
  Cc: angeli


2005-12-05  Ralf Angeli  <angeli@iwi.uni-sb.de>

	* mail/smtpmail.el (smtpmail-try-auth-methods):
	Send credentials together with "AUTH PLAIN" command.

I have not seen this discussed on the list, and it feels to me that
this defeats system administrators who disable "AUTH PLAIN" because
they consider the access path to the mail server under their
administration unsafe for plain text transfers.  While the
authentication is refused, the authentication data itself is still
sent through the network after this change, making the refusal of
"AUTH PLAIN" ineffective for avoiding ill consequences of snoopable
connections.

Could you shed any light on what problem this change is intended to
fix?

-- 
David Kastrup, Kriemhildstr. 15, 44793 Bochum

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Rationale for this change?
  2005-12-28 19:47 Rationale for this change? David Kastrup
@ 2005-12-28 20:16 ` Ralf Angeli
  2005-12-29  9:55 ` Ralf Angeli
  2005-12-29 11:14 ` Simon Josefsson
  2 siblings, 0 replies; 10+ messages in thread
From: Ralf Angeli @ 2005-12-28 20:16 UTC (permalink / raw)


* David Kastrup (2005-12-28) writes:

> 2005-12-05  Ralf Angeli  <angeli@iwi.uni-sb.de>
>
> 	* mail/smtpmail.el (smtpmail-try-auth-methods):
> 	Send credentials together with "AUTH PLAIN" command.
[...]
> Could you shed any light on what problem this change is intended to
> fix?

<URL:http://mid.gmane.org/E1EjMA3-0003z2-Fu@iwi191.iwi.uni-sb.de>

-- 
Ralf

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Rationale for this change?
  2005-12-29 11:56   ` David Kastrup
@ 2005-12-29  7:45     ` Bill Wohler
  2005-12-29 17:24     ` Stefan Monnier
                       ` (2 subsequent siblings)
  3 siblings, 0 replies; 10+ messages in thread
From: Bill Wohler @ 2005-12-29  7:45 UTC (permalink / raw)


David Kastrup <dak@gnu.org> writes:

> Simon Josefsson <jas@extundo.com> writes:
>
>> David Kastrup <dak@gnu.org> writes:
>>
>>> 2005-12-05  Ralf Angeli  <angeli@iwi.uni-sb.de>
>>>
>>> 	* mail/smtpmail.el (smtpmail-try-auth-methods):
>>> 	Send credentials together with "AUTH PLAIN" command.
>>>
>>> Could you shed any light on what problem this change is intended to
>>> fix?
>>
>> The AUTH PLAIN command is not sent if the server did not advertise
>> support for AUTH PLAIN.  See RFC 2554.  The earlier behavior violated
>> a SHOULD in RFC 2222 § 5.1.
>>
>> So security-wise, it is not worse than before.
>
> Ah, ok.  I think rationales like that should be mentioned in the
> ChangeLog.  Even if just as "(RFC 2222 § 5.1)".

Agreed.

-- 
Bill Wohler <wohler@newt.com>  http://www.newt.com/wohler/  GnuPG ID:610BD9AD
Maintainer of comp.mail.mh FAQ and MH-E. Vote Libertarian!
If you're passed on the right, you're in the wrong lane.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Rationale for this change?
  2005-12-28 19:47 Rationale for this change? David Kastrup
  2005-12-28 20:16 ` Ralf Angeli
@ 2005-12-29  9:55 ` Ralf Angeli
  2005-12-29 11:14 ` Simon Josefsson
  2 siblings, 0 replies; 10+ messages in thread
From: Ralf Angeli @ 2005-12-29  9:55 UTC (permalink / raw)
  Cc: emacs-devel

[Sorry if this shows up twice but the first message sent yesterday
doesn't seem to have reached the list.]

* David Kastrup (2005-12-28) writes:

> 2005-12-05  Ralf Angeli  <angeli@iwi.uni-sb.de>
>
>       * mail/smtpmail.el (smtpmail-try-auth-methods):
>       Send credentials together with "AUTH PLAIN" command.
>
> I have not seen this discussed on the list, and it feels to me that
> this defeats system administrators who disable "AUTH PLAIN" because
> they consider the access path to the mail server under their
> administration unsafe for plain text transfers.  While the
> authentication is refused, the authentication data itself is still
> sent through the network after this change, making the refusal of
> "AUTH PLAIN" ineffective for avoiding ill consequences of snoopable
> connections.

As far as I can see sending an "AUTH PLAIN" string is only tried by
smtpmail.el if the server advertises it as being supported.

> Could you shed any light on what problem this change is intended to
> fix?

See my message to emacs-pretest-bug from 2005-12-05 with the subject
"smtpmail.el: PLAIN authentication fails".  Or on the web:
<URL:http://mid.gmane.org/E1EjMA3-0003z2-Fu@iwi191.iwi.uni-sb.de>

-- 
Ralf

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Rationale for this change?
  2005-12-28 19:47 Rationale for this change? David Kastrup
  2005-12-28 20:16 ` Ralf Angeli
  2005-12-29  9:55 ` Ralf Angeli
@ 2005-12-29 11:14 ` Simon Josefsson
  2005-12-29 11:56   ` David Kastrup
  2 siblings, 1 reply; 10+ messages in thread
From: Simon Josefsson @ 2005-12-29 11:14 UTC (permalink / raw)
  Cc: angeli, emacs-devel

David Kastrup <dak@gnu.org> writes:

> 2005-12-05  Ralf Angeli  <angeli@iwi.uni-sb.de>
>
> 	* mail/smtpmail.el (smtpmail-try-auth-methods):
> 	Send credentials together with "AUTH PLAIN" command.
>
> I have not seen this discussed on the list, and it feels to me that
> this defeats system administrators who disable "AUTH PLAIN" because
> they consider the access path to the mail server under their
> administration unsafe for plain text transfers.  While the
> authentication is refused, the authentication data itself is still
> sent through the network after this change, making the refusal of
> "AUTH PLAIN" ineffective for avoiding ill consequences of snoopable
> connections.
>
> Could you shed any light on what problem this change is intended to
> fix?

The AUTH PLAIN command is not sent if the server did not advertise
support for AUTH PLAIN.  See RFC 2554.  The earlier behavior violated
a SHOULD in RFC 2222 § 5.1.

So security-wise, it is not worse than before.

Of course, AUTH PLAIN can only be used securely under a TLS session,
but there are still servers out there that doesn't support TLS.  It is
possible to use AUTH PLAIN under TLS, but disabling AUTH PLAIN without
TLS is unrealistic.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Rationale for this change?
  2005-12-29 11:14 ` Simon Josefsson
@ 2005-12-29 11:56   ` David Kastrup
  2005-12-29  7:45     ` Bill Wohler
                       ` (3 more replies)
  0 siblings, 4 replies; 10+ messages in thread
From: David Kastrup @ 2005-12-29 11:56 UTC (permalink / raw)
  Cc: emacs-devel

Simon Josefsson <jas@extundo.com> writes:

> David Kastrup <dak@gnu.org> writes:
>
>> 2005-12-05  Ralf Angeli  <angeli@iwi.uni-sb.de>
>>
>> 	* mail/smtpmail.el (smtpmail-try-auth-methods):
>> 	Send credentials together with "AUTH PLAIN" command.
>>
>> Could you shed any light on what problem this change is intended to
>> fix?
>
> The AUTH PLAIN command is not sent if the server did not advertise
> support for AUTH PLAIN.  See RFC 2554.  The earlier behavior violated
> a SHOULD in RFC 2222 § 5.1.
>
> So security-wise, it is not worse than before.

Ah, ok.  I think rationales like that should be mentioned in the
ChangeLog.  Even if just as "(RFC 2222 § 5.1)".

-- 
David Kastrup, Kriemhildstr. 15, 44793 Bochum

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Rationale for this change?
  2005-12-29 11:56   ` David Kastrup
  2005-12-29  7:45     ` Bill Wohler
@ 2005-12-29 17:24     ` Stefan Monnier
  2005-12-29 17:44       ` David Kastrup
  2005-12-30  2:18     ` Richard M. Stallman
  2006-01-10 14:05     ` Simon Josefsson
  3 siblings, 1 reply; 10+ messages in thread
From: Stefan Monnier @ 2005-12-29 17:24 UTC (permalink / raw)
  Cc: angeli, emacs-devel

> Ah, ok.  I think rationales like that should be mentioned in the
> ChangeLog.  Even if just as "(RFC 2222 § 5.1)".

Often comments in the code are even better than in the ChangeLog.


        Stefan

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Rationale for this change?
  2005-12-29 17:24     ` Stefan Monnier
@ 2005-12-29 17:44       ` David Kastrup
  0 siblings, 0 replies; 10+ messages in thread
From: David Kastrup @ 2005-12-29 17:44 UTC (permalink / raw)
  Cc: angeli, emacs-devel

Stefan Monnier <monnier@iro.umontreal.ca> writes:

>> Ah, ok.  I think rationales like that should be mentioned in the
>> ChangeLog.  Even if just as "(RFC 2222 § 5.1)".
>
> Often comments in the code are even better than in the ChangeLog.

It is sort of pointless to talk about which of two things would be
better if one does not rule out the other.

-- 
David Kastrup, Kriemhildstr. 15, 44793 Bochum

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Rationale for this change?
  2005-12-29 11:56   ` David Kastrup
  2005-12-29  7:45     ` Bill Wohler
  2005-12-29 17:24     ` Stefan Monnier
@ 2005-12-30  2:18     ` Richard M. Stallman
  2006-01-10 14:05     ` Simon Josefsson
  3 siblings, 0 replies; 10+ messages in thread
From: Richard M. Stallman @ 2005-12-30  2:18 UTC (permalink / raw)
  Cc: angeli, emacs-devel

    Ah, ok.  I think rationales like that should be mentioned in the
    ChangeLog.

Not in the ChangeLog.  They should be explained in comments in the code.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Rationale for this change?
  2005-12-29 11:56   ` David Kastrup
                       ` (2 preceding siblings ...)
  2005-12-30  2:18     ` Richard M. Stallman
@ 2006-01-10 14:05     ` Simon Josefsson
  3 siblings, 0 replies; 10+ messages in thread
From: Simon Josefsson @ 2006-01-10 14:05 UTC (permalink / raw)
  Cc: angeli, emacs-devel

David Kastrup <dak@gnu.org> writes:

> Simon Josefsson <jas@extundo.com> writes:
>
>> David Kastrup <dak@gnu.org> writes:
>>
>>> 2005-12-05  Ralf Angeli  <angeli@iwi.uni-sb.de>
>>>
>>> 	* mail/smtpmail.el (smtpmail-try-auth-methods):
>>> 	Send credentials together with "AUTH PLAIN" command.
>>>
>>> Could you shed any light on what problem this change is intended to
>>> fix?
>>
>> The AUTH PLAIN command is not sent if the server did not advertise
>> support for AUTH PLAIN.  See RFC 2554.  The earlier behavior violated
>> a SHOULD in RFC 2222 § 5.1.
>>
>> So security-wise, it is not worse than before.
>
> Ah, ok.  I think rationales like that should be mentioned in the
> ChangeLog.  Even if just as "(RFC 2222 § 5.1)".

I have added the following comment in the source code:

	;; We used to send an empty initial request, and wait for an
	;; empty response, and then send the password, but this
	;; violate a SHOULD in RFC 2222 paragraph 5.1.  Note that this
	;; is not sent if the server did not advertise AUTH PLAIN in
	;; the EHLO response.  See RFC 2554 for more info.

Thanks!

^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2006-01-10 14:05 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-12-28 19:47 Rationale for this change? David Kastrup
2005-12-28 20:16 ` Ralf Angeli
2005-12-29  9:55 ` Ralf Angeli
2005-12-29 11:14 ` Simon Josefsson
2005-12-29 11:56   ` David Kastrup
2005-12-29  7:45     ` Bill Wohler
2005-12-29 17:24     ` Stefan Monnier
2005-12-29 17:44       ` David Kastrup
2005-12-30  2:18     ` Richard M. Stallman
2006-01-10 14:05     ` Simon Josefsson

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.