[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: POP3 password in plaintext?
From: |
David Caldwell |
Subject: |
Re: POP3 password in plaintext? |
Date: |
Tue, 30 Sep 2014 22:42:50 -0700 |
User-agent: |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:33.0) Gecko/20100101 Thunderbird/33.0 |
On 9/30/14 9:00 PM, Stephen J. Turnbull wrote:
> I liked Ted's suggestion about providing modeline indicators.
> However, a lot of HCI research shows that users don't notice such
> indicators and often misinterpret them. While Emacs users are
> generally more aware of such indicators and of their correct
> interpretation, I think something like the "novice" feature to provide
> an easily disabled "in your face" warning about unencrypted channels
> should be considered.
Modern POP/IMAP clients tend to have a checkbox or a setting to require
SSL/TLS when connecting. If the protocol doesn't start TLS (and isn't
connected to an SSL port) then it is considered a connection error. This
setting is configured up-front, at the same time that the user
configures the server name and port. In this day and age it might make
sense to have such a checkbox default to "on".
-David
smime.p7s
Description: S/MIME Cryptographic Signature