Frank Ellermann wrote:
Alexey Melnikov wrote:
RFC 2822 <addr-spec> allows for CFWS around different separating
characters and other horrible things.
Ugh... yes, you don't want this, I confused it, sorry. We want
the same thing, but the <mailbox> also isn't it, RFC 2882 says:
| mailbox = name-addr / addr-spec
I guess you have to roll your own if you want to avoid CFWS and
the 2822 obs-cenities, how about this:
+ mailbox = id-left "@" id-right
You know the details like NO-WS-CTL from "elsewhere"... <eg>
The draft is referencing <mailbox> from RFC 2821, not from RFC 2822!
I don't believe people have actually used this syntax for the
AUTH parameter.
ACK, same here. For 2368 Paul confirmed it on the URI list, or
maybe it was EAI, that <mailbox> isn't what he wanted.
I miss a discussion of ESMTPA etc., and a corresponding
normative reference (RFC 3848).
I like the idea, but I need to think about the exact text and
the best place to insert it.
Maybe copy what you need from the Wikipedia article.
Are you talking about CRAM-MD5/DIGEST-MD5 or ESMTPA? I was talking about
the latter here.
Of course
a mandatory DIGEST-MD5 won't fly, it's far too horrible for
implementors.
Does any MTA claiming to support it exist, and
does it interoperate with any existing MUA ?
Yes and yes.
For CRAM-MD5 I'm sure that it works, and that it's implemented,
and that folks using it survived the risk to get no <cnonce>.
I don't think CRAM-MD5 is a starter due to security concerns.