[Top] [All Lists]

Re: Requesting reviews: SMTP AUTH update, draft-siemborski-rfc2554bis-05.txt

2006-12-05 23:17:06

Frank Ellermann writes:
BTW, RFC 4422 and Wikipedia only mention TLS and IPsec, but not RADIUS, my first guess what EXTERNAL could be about.

EXTERNAL is about anything which tells the server who the client is without the client having to say it. It's a catch-all. Some examples: The client's IP address (POP-before-SMTP or strictly managed server room), TLS client certificate, authenticated VPN connection. Any of those can be leveraged in SASL using EXTERNAL,

IMO, it could work well but doesn't. If the server were permitted to advertise EXTERNAL only when its use would succeed, the client could use it automatically when possible and all would be smooth. If you're on a VPN and the server is smart, you're not asked for a password, otherwise you are. But EXTERNAL isn't defined that way, 4422 page 30 gets in the way.