[Top] [All Lists]

Re: Requesting reviews: SMTP AUTH update, draft-siemborski-rfc2554bis-05.txt

2006-12-04 12:08:02

Alexey Melnikov wrote:

RFC 2822 <addr-spec> allows for CFWS around different separating
characters and other horrible things.

Ugh...  yes, you don't want this, I confused it, sorry.  We want
the same thing, but the <mailbox> also isn't it, RFC 2882 says:

| mailbox         =       name-addr / addr-spec

I guess you have to roll your own if you want to avoid CFWS and
the 2822 obs-cenities, how about this:

+ mailbox         =       id-left "@" id-right

You know the details like NO-WS-CTL from "elsewhere"... <eg>

I don't believe people have actually used this syntax for the
AUTH parameter.

ACK, same here.  For 2368 Paul confirmed it on the URI list, or
maybe it was EAI, that <mailbox> isn't what he wanted.

I miss a discussion of ESMTPA etc., and a corresponding 
normative reference (RFC 3848).

I like the idea, but I need to think about the exact text and
the best place to insert it.

Maybe copy what you need from the Wikipedia article.  Of course
a mandatory DIGEST-MD5 won't fly, it's far too horrible for
implementors.  Does any MTA claiming to support it exist, and
does it interoperate with any existing MUA ?  

For CRAM-MD5 I'm sure that it works, and that it's implemented,
and that folks using it survived the risk to get no <cnonce>.