[Top] [All Lists]

Re: Requesting reviews: SMTP AUTH update, draft-siemborski-rfc2554bis-05.txt

2006-12-04 12:28:42

Frank Ellermann wrote:

Alexey Melnikov wrote:
RFC 2822 <addr-spec> allows for CFWS around different separating
characters and other horrible things.
Ugh...  yes, you don't want this, I confused it, sorry.  We want
the same thing, but the <mailbox> also isn't it, RFC 2882 says:

| mailbox         =       name-addr / addr-spec

I guess you have to roll your own if you want to avoid CFWS and
the 2822 obs-cenities, how about this:

+ mailbox         =       id-left "@" id-right

You know the details like NO-WS-CTL from "elsewhere"... <eg>
The draft is referencing <mailbox> from RFC 2821, not from RFC 2822!

I don't believe people have actually used this syntax for the
AUTH parameter.
ACK, same here.  For 2368 Paul confirmed it on the URI list, or
maybe it was EAI, that <mailbox> isn't what he wanted.
I miss a discussion of ESMTPA etc., and a corresponding normative reference (RFC 3848).
I like the idea, but I need to think about the exact text and
the best place to insert it.
Maybe copy what you need from the Wikipedia article.

Are you talking about CRAM-MD5/DIGEST-MD5 or ESMTPA? I was talking about the latter here.

Of course
a mandatory DIGEST-MD5 won't fly, it's far too horrible for

Does any MTA claiming to support it exist, and
does it interoperate with any existing MUA ?
Yes and yes.

For CRAM-MD5 I'm sure that it works, and that it's implemented,
and that folks using it survived the risk to get no <cnonce>.
I don't think CRAM-MD5 is a starter due to security concerns.