ietf-smtp

Re: Requesting reviews: SMTP AUTH update, draft-siemborski-rfc2554bis-05.txt

2006-12-05 23:17:06

Frank Ellermann writes:
BTW, RFC 4422 and Wikipedia only mention TLS and IPsec, but not RADIUS, my first guess what EXTERNAL could be about.

EXTERNAL is about anything which tells the server who the client is without the client having to say it. It's a catch-all. Some examples: The client's IP address (POP-before-SMTP or strictly managed server room), TLS client certificate, authenticated VPN connection. Any of those can be leveraged in SASL using EXTERNAL.

IMO, it could work well but doesn't. If the server were permitted to advertise EXTERNAL only when its use would succeed, the client could use it automatically when possible and all would be smooth. If you're on a VPN and the server is smart, you're not asked for a password; otherwise you are. But EXTERNAL isn't defined that way; 4422 page 30 gets in the way.

Arnt
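
Added example, not part of the original message or of any real server's code: a minimal Python model of a server handling `AUTH EXTERNAL` with an initial response, where the identity comes from the TLS layer or the peer address rather than from the client. The `Connection` type, the `TRUSTED_NETS` table, the use of the certificate subject as the identity, and the "advertise only when it would succeed" policy in `advertised_mechanisms` are assumptions; the last one models the behaviour the message wishes for, not what RFC 4422 defines.

```python
import base64
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample policy: one managed network mapped to one identity.
TRUSTED_NETS = {ipaddress.ip_network("10.8.0.0/24"): "vpn-user@example.org"}

@dataclass
class Connection:
    peer_ip: str
    # Assumed to be filled in by the TLS layer only after the cert was verified.
    tls_client_cert_subject: Optional[str] = None

def external_identity(conn):
    """Identity proven outside SASL, or None if the lower layers proved nothing."""
    if conn.tls_client_cert_subject:
        return conn.tls_client_cert_subject
    addr = ipaddress.ip_address(conn.peer_ip)
    for net, ident in TRUSTED_NETS.items():
        if addr in net:
            return ident
    return None

def advertised_mechanisms(conn):
    """Hypothetical policy: offer EXTERNAL only when its use would succeed."""
    mechs = ["PLAIN"]
    if external_identity(conn) is not None:
        mechs.insert(0, "EXTERNAL")
    return mechs

def handle_auth_external(conn, initial_response):
    """Process 'AUTH EXTERNAL <initial_response>' and return the SMTP reply."""
    if initial_response == "=":  # SMTP AUTH encoding of an empty response
        authzid = ""
    else:
        try:
            authzid = base64.b64decode(initial_response, validate=True).decode("utf-8")
        except ValueError:  # covers bad base64 and bad UTF-8
            return "501 5.5.2 Cannot decode response"
    authcid = external_identity(conn)
    if authcid is None:
        return "535 5.7.8 Authentication credentials invalid"
    # An empty authzid means "act as whoever the external layer says I am".
    if authzid and authzid != authcid:
        return "535 5.7.8 Authentication credentials invalid"
    return "235 2.7.0 Authentication successful"
```

A real server would map authentication identities to permitted authorization identities through policy rather than requiring them to be equal.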