On Fri, Jan 23, 2009 at 10:36:05AM +0100, Arnt Gulbrandsen wrote:
> John C Klensin writes:
>> Question: Is it time to formally deprecate 821 and, in particular, the
>> main feature that distinguishes it: the use of HELO by SMTP clients?
>> We would still need to require that SMTP servers accept it, but we
>> would tell full-capability clients (including the client side of
>> relays and gateways) that HELO is obsolete.
>
> I think a lot of people would answer "you mean it isn't already?"
>
>> One corollary of this is that we'd be telling low-capability clients,
>> particularly those that are part of MUA systems, that they should be
>> talking to Submit ports, not SMTP ones.
>
> I beg to differ. Low-capability clients cannot effectively talk to
> submit, since submit tends to demand SASL support in the client.

Yes, this is a fundamental problem in the "never do plaintext authentication"
approach of the current generation of specifications. Only in some far
away hidden footnotes are things like plain-text login...
... which is still practical and safe, when it happens under STARTTLS.
(Surprising how many "low capability" systems are able to do TLS, but
not SASL.)

> Arnt

--
/Matti Aarnio <mea(_at_)nic(_dot_)funet(_dot_)fi>
FUNET: Finnish Academic and Research Network
Network Information/Software Archival Service
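
The condition discussed in this thread, that a plain-text login is acceptable only once STARTTLS has succeeded, can be checked mechanically against client-side session logs. The sketch below is an added example, not part of any message in the thread; the log format, host names, credentials and finding labels are constructed for illustration.

```python
# Constructed client-side debug logs ("C:" client, "S:" server); not captured traffic.
OVER_TLS = """\
S: 220 mail.example.org ESMTP
C: EHLO client.example.org
S: 250-mail.example.org
S: 250 STARTTLS
C: STARTTLS
S: 220 Ready to start TLS
C: EHLO client.example.org
S: 250-mail.example.org
S: 250 AUTH PLAIN LOGIN
C: AUTH PLAIN AHVzZXIAcGFzcw==
S: 235 Authentication successful
"""
IN_CLEAR = """\
S: 220 mail.example.org ESMTP
C: EHLO client.example.org
S: 250-mail.example.org
S: 250 AUTH PLAIN LOGIN
C: AUTH PLAIN AHVzZXIAcGFzcw==
S: 235 Authentication successful
"""
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # mechanisms that expose the password itself

def audit_session(log):
    """Return (line_number, finding) pairs for one logged session."""
    findings, tls_active, awaiting_tls_reply = [], False, False
    for number, line in enumerate(log.splitlines(), 1):
        side, _, text = line.partition(": ")
        words = text.split()
        if not words:
            continue
        if side == "C":
            verb = words[0].upper()
            awaiting_tls_reply = verb == "STARTTLS"
            if verb == "HELO":
                # HELO gets no extension list, so STARTTLS and AUTH are never offered.
                findings.append((number, "helo-no-extensions"))
            elif verb == "AUTH" and not tls_active and len(words) > 1 \
                    and words[1].upper() in CLEARTEXT_MECHS:
                findings.append((number, "cleartext-auth-without-tls"))
        elif side == "S" and awaiting_tls_reply:
            # TLS only counts as active once the server answers STARTTLS with 220.
            tls_active = words[0] == "220"
            awaiting_tls_reply = False
    return findings

if __name__ == "__main__":
    for name, log in (("OVER_TLS", OVER_TLS), ("IN_CLEAR", IN_CLEAR)):
        print(name, audit_session(log))
```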