On Wed, 2 Feb 2005 11:35:37 -0800 (PST) Mark Crispin <[EMAIL PROTECTED]> wrote:
MC> On Wed, 2 Feb 2005, Vadim Zeitlin wrote: MC> > This is an amazing view of a problem which probably represented quite well MC> > the view of Internet in the early eighties. MC> MC> Did you use the Internet in the early eighties? You know perfectly well that I didn't (at least I told you so many times in the past as all our discussions seem to end with this) and you know that I do know that you did. But this is not the point. The point is that the balance has changed since then. Back then users could force such changes. Now they can't. MC> In that case, the user can cancel his account at that ISP and find an MC> alternative ISP which complies with the standards. How many users are going to do this? Or, more importantly, how many ISPs would do anything even if [s]he did? MC> If you really believe that I do not care about my users, maybe you should MC> use other library for your application. Unfortunately I don't have resources to redo 10 years of work using c-client. MC> The only reason for the USER capability in POP3 CAPA is to provide, by the MC> absence of USER, a means to block compliant POP3 clients from sending a MC> USER command. If you eliminate that block, you make the USER capability MC> meaningless, and undo a substantial amount of work put in by many MC> individuals. The answer to this as well to the security problem (how significant it is compared with the general idea of sending password in the cleartext could be discussed some other time...) you mention in the other message in this thread is the same: I do *not* want to eliminate this block. I want to provide the user with a way to override it. Just as a warning is shown before connecting to a server which requires sending password in clear text, a user could be warned that it's a potential security problem and that what he does may be contrary to the server administration policy. And then let each user decide for himself whether he wants to do it or not. I'm just trying to give user a choice in the matter and how does it mean "not caring to my users" or being responsible for "tsunami of worms, viruses, and spam" is beyond me. Anyhow, thanks for explaining your point of view. VZ -- ------------------------------------------------------------------ For information about this mailing list, and its archives, see: http://www.washington.edu/imap/c-client-list.html ------------------------------------------------------------------
