[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: POP3 password in plaintext?

From: Lars Magne Ingebrigtsen
Subject: Re: POP3 password in plaintext?
Date: Tue, 30 Sep 2014 16:17:50 +0200
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.50 (gnu/linux)

Richard Stallman <address@hidden> writes:

> http://www.theguardian.com/technology/2014/sep/29/londoners-wi-fi-security-herod-clause
> says that POP3 passwords are sometimes transmitted in plain text.
> Is plaintext transmission of passwords inherent in POP3
> or is it optional?

Modern pop3 servers support STARTTLS, and Emacs will upgrade to a TLS
connection whenever the server supports it.  (If you have an Emacs
compiled with gnutls support, but I would guess that almost all Emacs
instances has that.)

Virtually all the Emacs network transports that I know of will upgrade
to TLS opportunistically, if the servers allow it, so Emacs should send
no passwords unencrypted.

The only exceptions are HTTP and IRC, unless the latter has been fixed
lately.  And there are hopefully nobody who does a login that matters
over HTTP.

(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

reply via email to

[Prev in Thread] Current Thread [Next in Thread]