Murray S. Kucherawy wrote:
Do they deviate from the SMTP AUTH framework in any way, other than
maybe the method name?
No deviation other than a private method name, proprietary, but
standard implementation of SMTP AUTH. Just a private/unique method
100% designed for proprietary client entry only.
That's really what I'm after. If you do your own thing with its own
name but still stick to the general base64 and "334" and such, then
it's still compliant as far as the context about which I'm asking.
I see your point.
We consider it a trade secret and part of our corporate and legal
security policy not divulge details, but frankly nothing special other
than leveraging a standard protocol method including the client/server
base64 SASL challenge/response handshaking and the expected SMTP AUTH
reply codes that by design offers the flexibility to offer new
methods, including non-standard ones.
While off hand at the moment I can't recall any specific method by
name, I would swear there are quite a few of others private methods by
just seeing some obscure/unknown AUTH names exposed in logs. But I
don't known if they were ever proposed I-D or not.
--
Sincerely
Hector Santos
http://www.santronics.com
jabber: hector(_at_)jabber(_dot_)isdg(_dot_)net