----- Original Message -----
From: "Douglas Otis" <dotis(_at_)mail-abuse(_dot_)org>
To: "Tony Finch" <dot(_at_)dotat(_dot_)at>
Cc: "Andrew Newton" <andy(_at_)hxr(_dot_)us>; "MARID WG"
<ietf-mxcomp(_at_)imc(_dot_)org>
Sent: Thursday, July 01, 2004 4:33 PM
Subject: Re: CSV and alternative authentication techniques
This is covered in Dave's CSV draft, but as SASL is useful only within a
Closed system, perhaps a statement that both authentication and
authorization are presumed of a holder of secret information, used to
authenticate, where the relevant accreditation namespace is dependent
upon the Open method used. This would presume a Closed method would not
require accreditation.
I believe "closed" is the wrong term to use here as it implies everyone must
be authenticated as it usually is in a "closed system."
SASL extremely useful for an OPEN system. It offers a system with an User
Database a way to authenticate users based on user name/id and password
pretty much for the sole purpose of allowing "routing." I mean, what other
access priveledge can a SMTP server offer other than final destination vs
routing mail?
In my opinion, I don't think CSV should stay clear, far away from trying to
alter or change the usefulness of SASL. Many operators depend on it and
have put many support hours getting they users setup for it - for one reason
only - to allow their users to route.
Anyway, I see this as an implementation issue, because from what I see, if I
were to put this in today, I could only do so after SASL is established or
not. If so, CVS is skipped. If not, then the delayed CVS logic is
started.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com