Re: Last Call: draft-siemborski-rfc2554bis (SMTP Service Extension for Authentication) to Proposed Standard
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Last Call: draft-siemborski-rfc2554bis (SMTP Service Extension for Authentication) to Proposed Standard
- To: ietf at ietf.org
- Subject: Re: Last Call: draft-siemborski-rfc2554bis (SMTP Service Extension for Authentication) to Proposed Standard
- From: Philip Guenther <guenther at sendmail.com>
- Date: Wed, 24 Jan 2007 20:15:05 -0700
- Dkim-signature: a=rsa-sha1; c=relaxed/simple; d=sendmail.com; s=tls.dkim; t=1169694913; bh=cGhKce1Q+XNI5P1iEYyXEdRnxBA=; h=X-DomainKeys: DomainKey-Signature:Date:From:X-X-Sender:To:Subject:In-Reply-To: Message-ID:References:MIME-Version:Content-Type; b=asAUvs2k7FQiYAqD Qs5PJ8h2CwnuQ1J888xLLRcO1CmRiPWSkeGfW6HWkIbInVWF4kDC2/ZEC7E7IvC4trd kGCvbPBXaK9d1cIyucfJ/s06pZ8upe6u6bua2MdPf9XDizIuvreWrIHMCWyBGAeNQLQ JWWdHUuSpKvq9sXLqHgt4=
- Domainkey-signature: a=rsa-sha1; s=tls; d=sendmail.com; c=nofws; q=dns; h=date:from:x-x-sender:to:subject:in-reply-to:message-id: references:mime-version:content-type; b=pdFh5TM+FK4HAPAxvlPcL4rPIEQ0n0nbsL5LPrDlen5LNroTViD492G1mGN7cyZn5 b+Al9TnQZdo4ZhkB7OfX/p6gP7OpBSMpnsdo9EeABK9kxCN2YGd1m5Ruy6WoL/V6i1U Urjj5eat4bkLpMSk1fboPeOGKt3m5Dl7nz6mkAw=
- In-reply-to: <E1H9prk-0004yc-8H@stiedprstage1.ietf.org>
- List-help: <mailto:ietf-request@ietf.org?subject=help>
- List-id: IETF-Discussion <ietf.ietf.org>
- List-post: <mailto:ietf@ietf.org>
- List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
- List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
- References: <E1H9prk-0004yc-8H@stiedprstage1.ietf.org>
On Wed, 24 Jan 2007, The IESG wrote:
The IESG has received a request from an individual submitter to consider
the following document:
- 'SMTP Service Extension for Authentication '
<draft-siemborski-rfc2554bis-07.txt> as a Proposed Standard
draft-siemborski-rfc2554bis does not appear to contain any text similar to
the last paragraph of section 4 in the rfc1734bis draft, requiring servers
to support a configuration that does not permit passive password snooping.
I disagree with the choice of DIGEST-MD5 as the mandatory-to-implement
mechanism. Given that many of the other protocols likely to be used by an
SMTP client, such as POP3, IMAP4rev1, and LDAP, have chosen to specify
"TLS followed by a cleartext password authentication" as their MtI
authentication method, specifying DIGEST-MD5 here seems like a needless
difference. I see no reason to believe DIGEST-MD5 will be more deployable
in SMTP/submission servers than in IMAP, POP3, or LDAP servers.
Philip Guenther
_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
Note Well: Messages sent to this mailing list are the opinions
of the senders and do not imply endorsement by the IETF.
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
