Hacker News new | ask | show | jobs
by MichaelGG 3262 days ago
Why? What benefit is there in starting plaintext, and as the post shows, allowing clients to transmit credentials?

And is IMAPS deprecated? Not that it matters -- the IETF or IANA deprecating something or unassigning a port is not really much of a justification.
1 comments
Bino 3262 days ago
It was unnecessary to split the protocol into two ports when STARTTLS came along shortly after. As for myself, I also thinks it's nice that you can partly identify the usage of a port by connecting to it.

https://en.wikipedia.org/wiki/SMTPS

link
MichaelGG 3262 days ago
Still doesn't address sending credentials plaintext or what benefit this has, at all. Adds another roundtrip for no benefit. Using TLS doesn't change the identification, just requires a few packets to be exchanged; not a huge deal.

So again, how did Lavabit help its customers by not forcing TLS for IMAP?

link