Add L10N comment for unencrypted PREAUTH warning.

I forgot to add one while trying to get the fix out.
author: Kevin McCarthy <kevin@8t8.us> 2020-06-19 14:39:33 -0700
committer: Kevin McCarthy <kevin@8t8.us> 2020-06-19 14:39:33 -0700
commit: a400fc3f50fbbd18e5cca5091645888416060d8b (patch)
tree: 1c196289e4cd00baa3f5dd2e9dffc5499ac9a69e /imap
parent: fee313568a7d63a177a5e709d3eca8477f707aec (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/imap/imap.c b/imap/imap.c
index 2ddc3469..60a49f1e 100644
--- a/imap/imap.c
+++ b/imap/imap.c
@@ -537,6 +537,19 @@ int imap_open_connection (IMAP_DATA* idata)
     {
       if (option(OPTSSLFORCETLS) ||
           (query_quadoption (OPT_SSLSTARTTLS,
+    /* L10N:
+       Gitlab ticket #246 identified a machine-in-the-middle attack
+       by sending a "PREAUTH" response instead of "OK".  STARTTLS
+       is not allowed once you are authenticated, so this would be
+       a clever way to prevent encryption, and talk to the MITM instead.
+
+       This prompt is based on the quadoption $ssl_starttls.  The
+       default is "yes" which will automatically abort unencrypted
+       PREAUTH.  But if the user changes to ask-yes or ask-no, this
+       prompt will occur instead to warn them that the connection is
+       an unusual "PREAUTH" and is unencrypted.  The warning is terse,
+       so translator feedback and suggestions most welcome.
+    */
                              _("Abort unencrypted PREAUTH connection?")) != MUTT_NO))
       {
         mutt_error _("Encrypted connection unavailable");
author	Kevin McCarthy <kevin@8t8.us>	2020-06-19 14:39:33 -0700
committer	Kevin McCarthy <kevin@8t8.us>	2020-06-19 14:39:33 -0700
commit	a400fc3f50fbbd18e5cca5091645888416060d8b (patch)
tree	1c196289e4cd00baa3f5dd2e9dffc5499ac9a69e /imap
parent	fee313568a7d63a177a5e709d3eca8477f707aec (diff)