Ed W:
> Therefore I'm suggesting that the out of the box config matches the
> *RFC*.  Then if the mail owner wants to lock it down to some non RFC
> suggested spec they can read the instructions.

Wietse:
> SHOULD does not forbid mandatory TLS; only a twisted mind will read
> this as "support for plaintext is required". Besides, RFCs are not
> the only relevant guidelines. There are plenty other guidelines
> that frowm upon plaintext passwords over plaintext connections.

Ed W:
> My understanding is that the proposed settings would require TLS even in 
> the event of encrypted password exchange?

The proposed example configuration can be modified when a site has
submission users who traverse links with high latency, low bandwidth,
intermittent connectivity, etc.

It is not practical to provide an example for every scenario; only
one example will suffice, and it will cover the most common case.

        Wietse

Reply via email to