summaryrefslogtreecommitdiff
path: root/usr.sbin/popa3d/DESIGN
diff options
context:
space:
mode:
authorCamiel Dobbelaar <camield@cvs.openbsd.org>2002-03-27 14:08:44 +0000
committerCamiel Dobbelaar <camield@cvs.openbsd.org>2002-03-27 14:08:44 +0000
commiteae5e6cfe2625830fca8b19b00318ed7354a0e56 (patch)
tree92611f304f680774c3fafdfab82835effe8027f2 /usr.sbin/popa3d/DESIGN
parente1c822bc86ad20e54425954f7580ef1df28cdd95 (diff)
Mostly cosmetic update so we can call it 0.5.
ok millert@, fgsch@
Diffstat (limited to 'usr.sbin/popa3d/DESIGN')
-rw-r--r--usr.sbin/popa3d/DESIGN6
1 files changed, 3 insertions, 3 deletions
diff --git a/usr.sbin/popa3d/DESIGN b/usr.sbin/popa3d/DESIGN
index 1d03aad76aa..a137ffa44c3 100644
--- a/usr.sbin/popa3d/DESIGN
+++ b/usr.sbin/popa3d/DESIGN
@@ -33,15 +33,15 @@ completely, and balanced decisions need to be made.
First, it is important that none of the popa3d users get a false sense
of security just because it was the primary design goal. The POP3
-protocol transmits passwords in plaintext, and thus, if you care about
+protocol transmits passwords in plaintext and thus, if you care about
the security of your individual user accounts, should only be used
-either in trusted networks, or tunneled over encrypted channels.
+either in trusted networks or tunneled over encrypted channels.
There exist extensions to the protocol that are supposed to fix this
problem. I am not supporting them yet, partly because this isn't
going to fully fix the problem. In fact, APOP and the weaker defined
SASL mechanisms such as CRAM-MD5 may potentially be even less secure
than transmission of plaintext passwords because of the requirement
-that plaintext equivalents are stored on the server.
+that plaintext equivalents be stored on the server.
It is also important to understand that nothing can be perfectly
secure. I can make mistakes. While the design of popa3d makes it