I guess one other comment: I believe that all LMAP proposals can do
their work inside the MTA during the transaction, but they could also
do their work later on in, say, a spam filter or the MUA.
The spec has two basic parts, sender and receiver. Only the sender
part of the spec has to be standardized to make interoperability
work. Ergo only the sender part should be normative.
The description of the receiver part of the spec should be marked
non-normative. If someone works out a way to interpret the information
that is 'better' they will use it.
I think that it is very important to be able to create a system that
is useful both during them SMTP session, and after. A system that,
for example, requires a challenge-response during the SMTP session
that couldn't be done later, would not be very useful. Similarly, a
system that required human interaction could work in the MUA, but not
in the MTA.
I beleive that the charter is very narrowly drawn to make sure that
we only address the issue that is absolutely critical here - sender
authentication by means of IP address information published in the
DNS. Everything else apart from that record is out of scope.
As for challenge-response, I think that is now so discredited that
there is no way anything could happen in three months. This is a pity
since although I detest these people who think they are so important
that they use these schemes for every email they ever send, there are
justifications. For example, confirming mailing list subscriptions is
good. Given the amount of hassle I get from people sending me Zip files
with viruses I don't think its unreasonable to use C/R for that particular
But I do think it unreasonable to expect anything useful to happen
using C/R by August.
Is this a valid requirement for the charter? All the references to
"MTA" in the charter kind of makes it sound like being able to work in
the MUA is not important.
I think the references bind to the originating MTA. I don't think the
recieving MTA is referenced as the focus of the work.
Should this be a requirement for the charter also? Or, should we
leave it up in the air?
The charter describes only the scope of the work, not the requirements
for the work. So it is good as written