----- Original Message -----
From: "Andrew Newton" <andy(_at_)hxr(_dot_)us>
To: <ietf-mxcomp(_at_)imc(_dot_)org>
Sent: Thursday, April 15, 2004 6:45 PM
Subject: Identities and authorization
3) While our work may impact DNS and email implementations, our charter
does not give us the proper scope to make changes to either RFC 2821 or
RFC 2882. So which identities do not require us to wonder beyond our
charter?
Hi Andrew,
RFC 2821.
This is precisely the reason why RFC 2821 should be the focus since I
believe most people wish to work with SMTP compatibility in mind. Unless we
are making changes to the SMTP model, we need to reinforce what we already
have. RFC 2822 requires a "expected" format which is not guaranteed to be
there. This should not suggest RFC 2822 should not be excluded but it is a
secondary scope where a secondary "process" may be applied. While it can be
processed at the DATA stage, this is system implementation dependent and
there is really nothing more added to the validation process unless hop
analysis is performed to add weight to a "chain of trust" concept. Sender:
is not guaranteed to be there. From: is required, but some systems already
auto-create it from 2821 Mail From: and don't require it for transaction.
So there is no standard method or behavior at the DATA or POST SMTP stage.
However, this is not the case with RFC 2821. There is a standard. The
problem we face today is exploited relaxed SMTP provisions which only
requires a re-statement of enforcement and it my hope we do this by using
LMAP DNS-based related ideas. Again, that doesn't say it can also apply to
RFC 2822, but we should not make this the focus in lieu of RFC 2821.
Thanks for your helpful input.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com