When I mentioned "challenge-response", I meant the very general term
as in CRAM, and not the common "challenge emails that require 'proof'
of a human".
Well that is going on but embedded deep in the TCP/IP sequence number.
The IP based auth is simply listing the valid IP addresses.
There have been suggestions of adding a C-R system to
the SMTP session to augment the TCP sequence numbers in authenticating
the IP address. If any proposal *required* this, it might rule out
the use in an MUA.
That is not being proposed.
I have not been seriously involved in IETF work groups before, but I
was under the impression that requirement documents in the charter
were not unheard off. (And, yes, I have read the "Tao of IETF" and
the WG RFC and such to try to get up to speed.)
I think that requirements docs can serve their purpose but not in
a WG that has a three month charter.