[Top] [All Lists]

Re: RFC 5321bis / 2821ter

2009-01-23 08:11:55

On Fri, Jan 23, 2009 at 10:36:05AM +0100, Arnt Gulbrandsen wrote:
John C Klensin writes:
Question: Is it time to formally deprecate 821 and, in particular, the 
main feature that distinguishes it: the use of HELO by SMTP clients? 
We would still need to require that SMTP servers accept it, but we 
would tell full-capability clients (including the client side of 
relays and gateways) that HELO is obsolete.

I think a lot of people would answer "you mean it isn't already?"

One corollary of this is that we'd be telling low-capability clients, 
particularly those that are part of MUA systems, that they should be 
talking to Submit ports, not SMTP ones.

I beg to differ. Low-capability clients cannot effectively talk to 
submit, since submit tends to demand SASL support in the client.

Yes, this is fundamental problem in "never do plaintext authentication"
approach of current generation of specifications.  Only in some far
away hidden footnotes are things like plain-text login...

... which is still practical and safe, when it happens under STARTTLS.

(Surprising how much "low capability" systems are able to do TLS, but
not SASL..)


/Matti Aarnio   <mea(_at_)nic(_dot_)funet(_dot_)fi>
FUNET:  Finnish Academic and Research Network
        Network Information/Software Archival Service

<Prev in Thread] Current Thread [Next in Thread>