On Mon, 20 May 2002, Scott M Likens wrote:
> You can easily use TLS with ASMTP, but to be quite honest.
>
> Plaintext is not plaintext
>
> If you read the SASL_README on postfix it explains PLAIN is
> base64("\0user\0user\0password");
This doesn't change the fact that it's a trivial matter for an
eavesdropper to get the password if PLAIN is used without TLS protection.
-Rob
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 235 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
