From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Lars Magne Ingebrigtsen <larsi@gnus.org>
Newsgroups: gmane.emacs.devel
Subject: Re: POP3 password in plaintext?
Date: Tue, 30 Sep 2014 16:17:50 +0200
Message-ID: <m3egut42gh.fsf@stories.gnus.org>
References: <E1XYhtJ-0003qj-8x@fencepost.gnu.org>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: ger.gmane.org 1412086713 13441 80.91.229.3 (30 Sep 2014 14:18:33 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Tue, 30 Sep 2014 14:18:33 +0000 (UTC)
Cc: emacs-devel@gnu.org
To: Richard Stallman <rms@gnu.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Sep 30 16:18:28 2014
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1XYyG3-0001nk-OB
	for ged-emacs-devel@m.gmane.org; Tue, 30 Sep 2014 16:18:27 +0200
Original-Received: from localhost ([::1]:43647 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1XYyG3-0006B3-7v
	for ged-emacs-devel@m.gmane.org; Tue, 30 Sep 2014 10:18:27 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:59864)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <larsi@gnus.org>) id 1XYyFv-00061G-4k
	for emacs-devel@gnu.org; Tue, 30 Sep 2014 10:18:23 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <larsi@gnus.org>) id 1XYyFq-0007sW-Aj
	for emacs-devel@gnu.org; Tue, 30 Sep 2014 10:18:19 -0400
Original-Received: from hermes.netfonds.no ([80.91.224.195]:53055)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <larsi@gnus.org>)
	id 1XYyFq-0007qx-4J; Tue, 30 Sep 2014 10:18:14 -0400
Original-Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58]
	helo=stories.gnus.org)
	by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
	(Exim 4.72) (envelope-from <larsi@gnus.org>)
	id 1XYyFT-0003KQ-B7; Tue, 30 Sep 2014 16:17:51 +0200
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAHlBMVEUODROppK6FgIoFBAlU
	UVgtKzHRzNUeHSIXFRsjIinoHT/GAAACOElEQVQ4jV2SQYvbMBCFB1Jo9mgTfLdJF3oLiNLtLVFd
	aI9NrYCPzha1vW2hi+2bL8Xyvcarf9s3kuxkdwiEzKf35o0UUqrIQ2WoKFRGvVUqzx2VAOkLMCvS
	K8W4AOmcEu2BCWDLivQatB5kcZis9bMZEqcdSLSuoigGaAPI8CtlQQCwKnwiHF9AtigcSCp2mq3s
	BaCn9dWMYt5Bh0pALlbpBWgH5rgg+ooEhXxmBTArXoIqonq8Gs4LZGkAXuHinqMEEba37MWKxep7
	xW6bxIF2vChSHSeVzNMFFH5GckgiPEshvZUNf4eUXyhOw6YRmb5GtfWfebOIYyGVEGJHNPSP4fIz
	CSkvCEC0HurZUnonVkAARQDSPXuFa3cKGjpj+HJk+Ec4wIrXpiOD6icbLIn7OD5xtH/Kokb+KFqT
	cWf5+O/WYl0uAHLt2hFZP6w7xIBEcb9/KrL8Cd9bs+K1nB+tjfkrtzJ/C7DZc8gba1trAbpXscQd
	wS+KWdHyeAb0LkP8jTFDUn0T4m4srS0VRtCHvdrLz6brpf7onMrRAdOtsDxvKFlhfdEctUNweRbi
	vWuPJdXN0qdj5ZxQqqRmKBnRTogVwK71TpgxcB9TEPR4FjeTa2Nz05vGwEYw+CVa3y5H6rFxx0ao
	/OcdX+xoi42ipm8gcgIh7/3o4nTLVnXT1MZd3+G+5hHlKTm9AWh6zjs+rMThh7s/ddzknzAD/cY8
	ToBfv0xueLHNFfXuvFnzC9Z2gpd/xP90dWLNezrWDwAAAABJRU5ErkJggg==
X-Now-Playing: Various's _The Dream (Below The Radar Special Edition)_: "We
	Will Fail - 061"
X-Hashcash: 1:23:140930:emacs-devel@gnu.org::P4G9/S2tiHmN7Gv2:000000000000000000000000000000000000000000JnQd
X-Hashcash: 1:23:140930:rms@gnu.org::zk3FFm1icH7pZC3j:000000xxNE
In-Reply-To: <E1XYhtJ-0003qj-8x@fencepost.gnu.org> (Richard Stallman's message
	of "Mon, 29 Sep 2014 16:49:53 -0400")
User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.50 (gnu/linux)
X-MailScanner-ID: 1XYyFT-0003KQ-B7
MailScanner-NULL-Check: 1412691471.57786@DICZJwqZc/c+6nr+onM49w
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 80.91.224.195
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:174846
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/174846>

Richard Stallman <rms@gnu.org> writes:

> http://www.theguardian.com/technology/2014/sep/29/londoners-wi-fi-security-herod-clause
>
> says that POP3 passwords are sometimes transmitted in plain text.
>
> Is plaintext transmission of passwords inherent in POP3
> or is it optional?

Modern pop3 servers support STARTTLS, and Emacs will upgrade to a TLS
connection whenever the server supports it.  (If you have an Emacs
compiled with gnutls support, but I would guess that almost all Emacs
instances has that.)

Virtually all the Emacs network transports that I know of will upgrade
to TLS opportunistically, if the servers allow it, so Emacs should send
no passwords unencrypted.

The only exceptions are HTTP and IRC, unless the latter has been fixed
lately.  And there are hopefully nobody who does a login that matters
over HTTP.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no