-
Notifications
You must be signed in to change notification settings - Fork 4
/
TODO
31 lines (23 loc) · 1.28 KB
/
TODO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
o Finish the TLS code.
* report server certificate details (esp fingerprint) to application
* report cipher in use to application.
* API to specify minimum acceptable security levels.
o SASL
* New plugin strategy. If the server lists acceptable mechanisms
load them all. If not load all plugins. Eliminate those which
cannot negotiate a sufficient security level. If encryption
is already in use, eliminate those which *must* encrypt. Rank
remaining mechanisms according to the protection afforded to the
username and password. Attempt to authenticate using highest rank
mechanism to lowest. Special case: if the server offers EXTERNAL
and the external token has been set, use that as the highest
ranking mechanism. If the server refuses a mechanism, back off to
the next mechanism. If the server accepts the mechanism but fails
authentication, end the sequence. Special exception: if EXTERNAL
was used and authentication fails, back off to the next mechanism.
o Make header code do line folding at white spaces.
o Make header code handle Resent-* headers.
o Make header code handle list notation in appropriate recipient headers.
o Review API.
o Review error reporting.
o Loadsa documentation.