[issue21935] Implement AUTH command in smtpd.
Martin v. Löwis
report at bugs.python.org
Thu Jul 17 20:09:14 CEST 2014
Martin v. Löwis added the comment:
Milan: Your interpretation of the MUST requirement is correct.
However, we still cannot support the SHOULD NOT requirement: A server operator SHOULD NOT accept unencrypted passwords. RFC 2119 explains
This phrase, or the phrase "NOT RECOMMENDED" mean that
there may exist valid reasons in particular circumstances when the
particular behavior is acceptable or even useful, but the full
implications should be understood and the case carefully weighed
before implementing any behavior described with this label.
I cannot see any particular circumstances where unencrypted passwords for smtpd would be acceptable, given that there are perfectly established technologies. So I remain -1 on this patch.
A (not recommended) STARTTLS alternative is SMTPS (port 465). I would be -0 if there was an SMTPS implementation in smtpd, and the documentation would discuss that AUTH is best used with SMTPS until STARTTLS is implemented.
I don't understand why STARTTLS would require asyncio. Wouldn't wrap_socket solve the problem?
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue21935>
_______________________________________
More information about the Python-bugs-list
mailing list