Alan DeKok wrote:
Philip Miller <millenix(_at_)zemos(_dot_)net> wrote:
The LMAP discussion document needs cohesive review and editing, preferably
before we publish as and Internet Draft. IDs are nice for some things, but
it's easier if we make all of the changes we feel necessary before first
official publication.
Patches?
I've got a number of messages saved in a folder, and am planning to
update the document again before the end of the year.
Well, here's one more. I'm not sure what to do about the organization, and I
don't know how or where we would address the relevance of SMTP AUTH.
About the organization:
I don't think we should have 2 complete sections dedicated to
addressing, point by point, the specific requirements dreamt up by this
group. They should certainly all be addressed within the body of this
document, or in the protocol description. Basically, I think the best
way to address the myriad concerns is to integrate them in the
rationales for normative sections. I don't think we should end up with 2
separate documents when we're done, one describing the protocol(s) and
one defending it. This is not the norm from what I've seen in the RFCs,
assuming we intend to eventually publish this as an RFC. If there is a
precedent, point me to it and I'll stand corrected, but most things seem to
be completely integrated.
About Section 2.1.2 "Why prevent domain forgery, instead of end-user
forgery?":
End-user authentication definitely has some bearing on the workings of
LMAP. If some major mail-originating domain implemented LMAP, but made
no provision to prevent transmission of spam or forged messages through the
authorized servers, what good has it done? Worst case, you could have
LMAP-listed open relays.
We should definitely at least recommend the use of SMTP AUTH within domains
in tandem with LMAP.
--
Philip Miller
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg