Ed W:
> Therefore I'm suggesting that the out of the box config matches the
> *RFC*. Then if the mail owner wants to lock it down to some non RFC
> suggested spec they can read the instructions.
Wietse:
> SHOULD does not forbid mandatory TLS; only a twisted mind will read
> this as "support for plaintext is required". Besides, RFCs are not
> the only relevant guidelines. There are plenty other guidelines
> that frowm upon plaintext passwords over plaintext connections.
Ed W:
> My understanding is that the proposed settings would require TLS even in
> the event of encrypted password exchange?
The proposed example configuration can be modified when a site has
submission users who traverse links with high latency, low bandwidth,
intermittent connectivity, etc.
It is not practical to provide an example for every scenario; only
one example will suffice, and it will cover the most common case.
Wietse
