the SUBMISSION protocol (basically SMTP on another port, but
requiring authentication) is simpler than that. see RFC 2476.
We have implemented a submission port, but it is hardly a panacea.
Outlook only supports plain text passwords (which is a step down from
no passwords, in my opinion)
surely it does plain text over SSL/TLS? it's hard to do better than
that, as the other solutions (keyed hash functions, client certs,
kerberos) require new infrastructure that usually isn't in place.
I believe this is an excellent long run
solution, but till the MUAs take it seriously, it will be hard to
impose it on recalcitrant operators of open relays.
we haven't found passwords-over-SSL to be terribly onerous.
Keith
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg