Re: PATCH: warn about, and deprecate, clear text passwords

From: Nathan Bossart <nathandbossart(at)gmail(dot)com>
To: Greg Sabino Mullane <htamfids(at)gmail(dot)com>
Cc: Isaac Morland <isaac(dot)morland(at)gmail(dot)com>, Aleksander Alekseev <aleksander(at)timescale(dot)com>, tgl(at)sss(dot)pgh(dot)pa(dot)us, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PATCH: warn about, and deprecate, clear text passwords
Date: 2025-03-03 16:33:37
Message-ID: Z8XZ4f4XXfptmRS-@nathan
Lists: pgsql-hackers

On Tue, Feb 25, 2025 at 11:13:51AM -0500, Greg Sabino Mullane wrote:
> On Tue, Feb 25, 2025 at 10:34 AM Nathan Bossart <nathandbossart(at)gmail(dot)com>
> wrote:
>> IMHO a WARNING would really only be appropriate if we are definitely going
>> to remove support in the future, and that feels like a bit of a stretch to
>> me due to the level of breakage it could cause. That being said, folks did
>> seem on board enough with deprecating MD5 passwords for me to feel
>> comfortable committing it, although that might not quite be an
>> apples-to-apples comparison. In any case, we've long encouraged folks to
>> avoid sending passwords to the server in clear-text, so I think it's
>> reasonable to provide some way to enforce that server-side.
>
> Yes, I went back and forth on the wording for the warning, but ended up
> with a slightly weasely "may be removed" rather than "will be removed". Of
> course, no date is explicitly promised, so "will be removed" could be
> accurate. It might just be 75 years from now, when our neural implants make
> plain text passwords a quaint relic.

I think it would be good to hear some other opinions on whether we should
consider sending clear-text passwords to the server as either 1) fully
supported, 2) deprecated but with no intent to remove anytime soon, or 3)
deprecated with the intent of removal at some point in the next several
years. I personally am -1 on the warning unless we have a consensus on
(3), but I'm +1 on adding a way to enforce "pre-encryption" regardless.

--
nathan
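As an added illustration (not part of this thread or of the patch under discussion), the distinction being debated in working code: a model of how the server can tell a pre-encrypted PASSWORD literal from a clear-text one, and how a client derives the SCRAM-SHA-256 verifier itself, which is what libpq's PQencryptPasswordConn() and psql's \password do, so the clear-text password never reaches the server. The regexes, the reject_plaintext policy switch and the sample password are assumptions of this example, and SASLprep is skipped.

```python
import base64
import hashlib
import hmac
import os
import re

# Verifier layouts PostgreSQL stores in pg_authid.rolpassword (assumed here, not taken from the patch).
SCRAM_RE = re.compile(r"^SCRAM-SHA-256\$(\d+):([A-Za-z0-9+/=]+)\$([A-Za-z0-9+/=]+):([A-Za-z0-9+/=]+)$")
MD5_RE = re.compile(r"^md5[0-9a-f]{32}$")


def classify_password(pw: str) -> str:
    """Which form a PASSWORD '...' literal is in: 'scram-sha-256', 'md5' or 'plaintext'."""
    if SCRAM_RE.match(pw):
        return "scram-sha-256"
    if MD5_RE.match(pw):
        return "md5"
    return "plaintext"


def build_scram_verifier(password: str, salt=None, iterations: int = 4096) -> str:
    """Derive SCRAM-SHA-256$<iter>:<salt>$<StoredKey>:<ServerKey> (base64 fields) client-side.
    SASLprep normalisation of the password is omitted in this example."""
    salt = salt if salt is not None else os.urandom(16)
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    b64 = lambda b: base64.b64encode(b).decode("ascii")
    return f"SCRAM-SHA-256${iterations}:{b64(salt)}${b64(stored_key)}:{b64(server_key)}"


def verifier_matches(password: str, verifier: str) -> bool:
    """Recompute the verifier from its own salt/iterations and compare in constant time."""
    m = SCRAM_RE.match(verifier)
    if not m:
        return False
    iterations, salt = int(m.group(1)), base64.b64decode(m.group(2))
    return hmac.compare_digest(build_scram_verifier(password, salt, iterations), verifier)


def check_password_literal(pw: str, reject_plaintext: bool):
    """Model of the server-side policy under discussion: (kind, accepted).
    A clear-text literal is accepted (with a warning in the real patch) unless the policy rejects it."""
    kind = classify_password(pw)
    return kind, (kind != "plaintext" or not reject_plaintext)
```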
