User authentication

Martin Hamilton ([email protected])
Sat, 6 May 1995 11:14:40 +0500


There's been a lot of grumbling about the ease of mail/news forgery
via WWW browsers, but it would be trivial to add a simple user
authentication mechanism based on say the POP (RFC 1725) or IMAP (RFC
1730) protocols

Using the simple (cleartext) POP3 authentication, the entire authentication dialogue need only consist of the following ...

+OK POP server starting
user martin
+OK Password required for martin.
pass secret
+OK martin has 3 message(s) (34153 octets).
quit
+OK Pop server says bye!

Of course there are fancier scenarios using Kerberos, S/Key ... :-)

Just a thought!

Martin