From mboxrd@z Thu Jan 1 00:00:00 1970 To: 9fans@cse.psu.edu Subject: Re: [9fans] upas/smtpd password authentication From: "Russ Cox" Date: Sun, 16 Dec 2007 13:02:10 -0500 In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Message-Id: <20071216180213.32FA61E8C5C@holo.morphisms.net> Topicbox-Message-UUID: 1a81070e-ead3-11e9-9d60-3106f5b1d025 > even over tls, it seems inconvinent to use two different passwords > (really the password and secret) for sending and downloading email. it's certainly a bug if imap or smtpd or anything else expects a password that is not the inferno/pop secret. however, sending that password in plain text is no more secure than sending the plan 9 password in plain text. either way you should be using tls and not accept *any* passwords sent over an unencrypted connection. russ