Ken wrote: > PLAIN is not; it sends the password in the clear (well, it's base64 > encoded for SMTP and you're only supposed to use it over an > encrypted channel, but you get the idea). If you do that with an > untrusted server, boom, there goes your password. Maybe that's not > a valid concern, but I'd rather require the user to configure that.
The proposal is to only use PLAIN with encryption: i) if TLS is in play, use internal PLAIN if the server supports it, else ii) fail David _______________________________________________ Nmh-workers mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/nmh-workers
