Closed Neustradamus closed 5 months ago
Hey @Neustradamus! Thank you very much for filing these issues and for the useful resources! I'm not entirely sure how to "resolve" this issue, though.
I think that imap-codec
can/should still encode all existing AUTH variants -- even the bad ones. I could feature-gate LOGIN but feel that I don't want to maintain the feature-flag. Removal would be a (breaking) alternative... Not sure we want to do it.
By the way, do you have insights on how widespread LOGIN still is? Recent Internet-Scans, etc.? I heard rumors that some large providers still require LOGIN but could not confirm with some quick tests. As much as I would love to remove it, I feel that it could be a matter of time someone opens a PR asking to support it again :-(
I'll close this as I believe this should be handled by an upper layer. Thanks, @Neustradamus!
Dear @duesee,
The 31 August 2006, PLAIN has replaced LOGIN, it is time to remove.
31 August 2006: RFC4616: The PLAIN Simple Authentication and Security Layer (SASL) Mechanism:
There are now:
Soon:
Linked to: