smtpmail.texi (Authentication): Improve STARTTLS discussion.

man/smtpmail.texi

@@ -215,13 +215,30 @@ variables contains the authentication information needed for this.
 The first variable, @code{smtpmail-auth-credentials}, instructs the
 SMTP library to use a SASL authentication step, currently only the
 CRAM-MD5 and LOGIN mechanisms are supported and will be selected in
-that order if the server supports them.  The second variable,
-@code{smtpmail-starttls-credentials}, instructs the SMTP library to
-connect to the server using STARTTLS.  This means the protocol
-exchange can be integrity protected and confidential by using TLS, and
-optionally also authentication of the client.  It is common to use
-both these mechanisms, e.g., to use STARTTLS to achieve integrity and
-confidentiality and then use SASL for client authentication.
+that order if the server support both.
+
+The second variable, @code{smtpmail-starttls-credentials}, instructs
+the SMTP library to connect to the server using STARTTLS.  This means
+the protocol exchange may be integrity protected and confidential by
+using TLS, and optionally also authentication of the client.  This
+feature uses the elisp package @file{starttls.el} (see it for more
+information on customization), which in turn require that at least one
+of the following external tools are installed:
+
+@enumerate
+@item
+The GNUTLS command line tool @samp{gnutls-cli}, you can get it from
+@url{http://www.gnu.org/software/gnutls/}.  This is the recommended
+tool, mainly because it can verify the server certificates.
+
+@item
+The @samp{starttls} external program, you can get it from
+@file{starttls-*.tar.gz} from @uref{ftp://ftp.opaopa.org/pub/elisp/}.
+@end enumerate
+
+It is not uncommon to use both these mechanisms, e.g., to use STARTTLS
+to achieve integrity and confidentiality and then use SASL for client
+authentication.
 
 @table @code
 @item smtpmail-auth-credentials
@@ -231,11 +248,13 @@ hostname, port, username and password tuples.  When the SMTP library
 connects to a host on a certain port, this variable is searched to
 find a matching entry for that hostname and port.  If an entry is
 found, the authentication process is invoked and the credentials are
-used.  The hostname field follows the same format as
+used.
+
+The hostname field follows the same format as
 @code{smtpmail-smtp-server} (i.e., a string) and the port field the
 same format as @code{smtpmail-smtp-service} (i.e., a string or an
 integer).  The username and password fields, which either can be
-@code{nil} to indicate that the user is queried for the value
+@code{nil} to indicate that the user is prompted for the value
 interactively, should be strings with the username and password,
 respectively, information that is normally provided by system
 administrators.
@@ -246,10 +265,7 @@ administrators.
 tuples with hostname, port, name of file containing client key, and
 name of file containing client certificate.  The processing is similar
 to the previous variable.  The client key and certificate may be
-@code{nil} if you do not wish to use client authentication.  The use
-of this variable requires the @samp{starttls} external program to be
-installed, you can get @file{starttls-*.tar.gz} from
-@uref{ftp://ftp.opaopa.org/pub/elisp/}.
+@code{nil} if you do not wish to use client authentication.
 @end table
 
 The following example illustrates what you could put in