On Wed, 27 Nov 2002, Mark Crispin wrote: : On Wed, 27 Nov 2002 13:14:54 -0500, Lawrence Greenfield wrote: : > Note: a server implementation MUST implement a : > configuration : : Although that weasel-wording helps previous source distributions (if you : remember, I lobbied hard for it), it does not help binary distributions if the : binary is not also configurable. : : I don't know about you, but I'd be uncomfortable with a binary which can be : easily re-configured to be less secure...
Consider a series of IMAP messagestores on a pocket network with the following connections to it; secure webmail server: passes cleartext password to the messagestore secure imap proxy: passes cleartext password to the messagestore You have to be on the private pocket network to glimpse passwords. I am happy with the wording of the RFC as it stands, and do not believe the "weasel-wording" is applicable for source providers only. Randall
