Re: Mutt Next Generation
* On 2005.01.26, in <20050127003157.GE18161@xxxxxxxxxxxxxxxxxxxxx>,
* "Paul Walker" <paul@xxxxxxxxxxxxxxxxxxxxx> wrote:
> On Wed, Jan 26, 2005 at 04:14:25PM -0800, Brendan Cully wrote:
>
> > I don't think off the wire is a common problem with SMTP submission. It's
> > typically over a TLS channel, and SASL (no plaintext) on top of that.
>
> Depends on the site, and (unsurprisingly) I don't know what setup Chicago
> University has. It was more to light-heartedly make a point than anything
> else. ;-)
Your point has some merit, but it doesn't really challenge my point. :)
I don't think it's fair to say that because you can never really know,
you might as well just put your unified password into a file on a server
or SAN and be done with it.
We require use of SSL for all authenticated connections, and that's
an increasingly common trend at other sites, too. I don't trust any
computer absolutely, but I do have varying levels of trust. The computer
I type my password into is my desktop, and I trust it more than any
other on campus not because it's more secure, but because I'm more aware
of it. I'm okay typing my password there, which is somewhat tautologic
since lacking a smart card or one-time pad, I have to anyway -- one way
or another.
But I don't *have* to do anything else with my password, except as the
technology in use requires. So it's good to use technology which doesn't
require it.
--
-D. dgc@xxxxxxxxxxxx NSIT::ENSS