Re: Last Call: draft-siemborski-rfc1734bis (POP3 SASL Authentication Mechanism) to Proposed Standard

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last Call: draft-siemborski-rfc1734bis (POP3 SASL Authentication Mechanism) to Proposed Standard

To: Philip Guenther <guenther+ietf at sendmail.com>
Subject: Re: Last Call: draft-siemborski-rfc1734bis (POP3 SASL Authentication Mechanism) to Proposed Standard
From: Alexey Melnikov <alexey.melnikov at isode.com>
Date: Mon, 29 Jan 2007 15:05:16 +0000
Cc: ietf at ietf.org
In-reply-to: <Pine.BSO.4.64.0701241759090.24611@vanye.mho.net>
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
References: <E1H9pfy-0002T1-Hx@stiedprstage1.ietf.org> <Pine.BSO.4.64.0701241759090.24611@vanye.mho.net>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915

Philip Guenther wrote:

On Wed, 24 Jan 2007, The IESG wrote:
The IESG has received a request from an individual submitter to consider
the following document:
- 'POP3 SASL Authentication Mechanism '
  <draft-siemborski-rfc1734bis-10.txt> as a Proposed Standard
My apologies to the authors for not commenting on this document earlier.
Both this document and the related draft-siemborski-rfc2554bis discuss how the client can cancel an authentication exchange by sending a line with a single "*", but then fail to permit that in the ABNF of what the client sends.


Hi Philip,
Good catch.

The 'auth-resp' production might have been part of an attempt to permit that, but it's not referenced or explained. I therefore suggest dropping the dangling 'auth-resp' line and changing this production:
      auth-command    = "AUTH" SP sasl-mech [SP (base64 / "=")] *(CRLF
                        [base64]) CRLF
to something like
      auth-command    = "AUTH" SP sasl-mech [SP (base64 / "=")]
                        *(CRLF [base64]) [ CRLF "*" ] CRLF
or better: it should be consistent with the other document, draft-siemborski-rfc2554bis, and have a production for the initial response. One for the cancel response would clarify the usage:
      auth-command    = "AUTH" SP sasl-mech [SP initial-response]
                        *(CRLF [base64]) [CRLF cancel-response] CRLF
      initial-response= base64 / "="
      cancel-response = "*"
A similar change should be made to the rfc2554bis draft.


I've done this change to my copy of rfc2554bis.
Thanks!

Otherwise, I support the advancement of this document. It's definitely an improvement over the existing scattering of documents.


_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

References:
- Re: Last Call: draft-siemborski-rfc1734bis (POP3 SASL Authentication Mechanism) to Proposed Standard
  - From: Philip Guenther

Prev by Date: RE: IETF IP Contribution Policy
Next by Date: Re: ion-procdocs open for public comment
Previous by thread: Re: Last Call: draft-siemborski-rfc1734bis (POP3 SASL Authentication Mechanism) to Proposed Standard
Next by thread: Re: Last Call: draft-siemborski-rfc1734bis (POP3 SASL Authentication Mechanism) to Proposed Standard
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: Last Call: draft-siemborski-rfc1734bis (POP3 SASL Authentication Mechanism) to Proposed Standard

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.