On Mar 14, 2012, at 21:03, Patrick Ben Koetter wrote: > * Charles Marcus <cmar...@media-brokers.com>: >> On 2012-03-14 2:39 PM, Ed W <li...@wildgooses.com> wrote: >>> I see no reason to *require* encryption on the submission port (RFC >>> aside). >> >> Unless you prefer that sniffers not be able to see your passwords >> crossing the wire in plaintext? >> >>> I think "may" is a more appropriate default? >> >> Disagree vehemently. > > The RFC on submission is clear about that. It says SHOULD and not MUST. It is > safe to AUTH if you use cram-md5, digest-md5, ntlm or any other non-plaintext > mechanism. Forcing TLS by default is safer, but it pushes a policy on people > the SHOULD decide themselves, I think.
From what I remember when we spent some time deciding our new defaults, all the methods that hash the password before sending it over the wire require that the server stores the plaintext, or at least the hashed versions of it. This was considered insecure, so we went with enforced TLS, and 'plain' auth only. Also, in our experience, pushing a policy that leaves no wiggle room tends to be a Good Thing for most users. To each their own, of course :-) Cya, Jona
