[Top] [All Lists]

Re: Proprietary or non-standard SMTP AUTH mechanisms

2012-01-12 21:44:37

Murray S. Kucherawy wrote:

Do they deviate from the SMTP AUTH framework in any way, other than maybe the method name?

No deviation other than a private method name, proprietary, but standard implementation of SMTP AUTH. Just a private/unique method 100% designed for proprietary client entry only.

That's really what I'm after. If you do your own thing with its own name but still stick to the general base64 and "334" and such, then it's still compliant as far as the context about which I'm asking.

I see your point.

We consider it a trade secret and part of our corporate and legal security policy not divulge details, but frankly nothing special other than leveraging a standard protocol method including the client/server base64 SASL challenge/response handshaking and the expected SMTP AUTH reply codes that by design offers the flexibility to offer new methods, including non-standard ones.

While off hand at the moment I can't recall any specific method by name, I would swear there are quite a few of others private methods by just seeing some obscure/unknown AUTH names exposed in logs. But I don't known if they were ever proposed I-D or not.


Hector Santos
jabber: hector(_at_)jabber(_dot_)isdg(_dot_)net

<Prev in Thread] Current Thread [Next in Thread>