TODO: sslfingerprint and thereabouts.

svn path=/branches/BRANCH_6-3/; revision=5388
author: Matthias Andree <matthias.andree@gmx.de> 2009-07-16 19:50:12 +0000
committer: Matthias Andree <matthias.andree@gmx.de> 2009-07-16 19:50:12 +0000
commit: cce6e3905c62ae2ffbddbea4d8ff4ed4fd253329 (patch)
tree: ff32b78d485f7f8f8ebe157b6a991c3ad7faffc7 /TODO.txt
parent: 3026bfee3c04ba09f13e4345eec0d6fbe14cc146 (diff)
download: fetchmail-cce6e3905c62ae2ffbddbea4d8ff4ed4fd253329.tar.gz
fetchmail-cce6e3905c62ae2ffbddbea4d8ff4ed4fd253329.tar.bz2
fetchmail-cce6e3905c62ae2ffbddbea4d8ff4ed4fd253329.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/TODO.txt b/TODO.txt
index a6186a1f..97305e01 100644
--- a/TODO.txt
+++ b/TODO.txt
@@ -90,6 +90,10 @@ questionable:
 - CRYPTO: perhaps port to NSS? Check license and features and required procedure
   changes. - Redhat Bugs #333741 (crypto consolidation), #346891 (port fetchmail to NSS)
 - CRYPTO: make the SSL default v3 (rather than v23).
+- CRYPTO: remove sslfingerprint? too easily abused (see NEWS)
+- CRYPTO: force sslcertck
+- CRYPTO: by default forbid cleartext or other compromising password
+  schemes over insecure connections?
 - put more hints to the FAQ (should we call it FGA?) as first support place
 - make sure we print socket error messages such as connection reset by
   peer to hint users the problem is not in fetchmail
author	Matthias Andree <matthias.andree@gmx.de>	2009-07-16 19:50:12 +0000
committer	Matthias Andree <matthias.andree@gmx.de>	2009-07-16 19:50:12 +0000
commit	cce6e3905c62ae2ffbddbea4d8ff4ed4fd253329 (patch)
tree	ff32b78d485f7f8f8ebe157b6a991c3ad7faffc7 /TODO.txt
parent	3026bfee3c04ba09f13e4345eec0d6fbe14cc146 (diff)
download	fetchmail-cce6e3905c62ae2ffbddbea4d8ff4ed4fd253329.tar.gz fetchmail-cce6e3905c62ae2ffbddbea4d8ff4ed4fd253329.tar.bz2 fetchmail-cce6e3905c62ae2ffbddbea4d8ff4ed4fd253329.zip