> even over tls, it seems inconvinent to use two different passwords > (really the password and secret) for sending and downloading email.
it's certainly a bug if imap or smtpd or anything else expects a password that is not the inferno/pop secret. however, sending that password in plain text is no more secure than sending the plan 9 password in plain text. either way you should be using tls and not accept *any* passwords sent over an unencrypted connection. russ
