I've just reviewed the ongoing arguments about the draft in question and
re-read the draft itself.
What strikes me is the level of argument over one section that could easily
be adjusted. I would recommend adjusting section 5 to say: "The strongest
available secure authentication mechanism is recommended". Let's face it,
the SMTP AUTH options are driven from the referenced protocol documents
(RFC2554).
Can we move on and get this document completed? Can we get the security
folks to help work on the next generation of RFC2554? It's time to decouple
that from a document that says "Use the Submission protocol so we can
support customers who're roaming, and ensure we aren't also permitting spam
relay."
What those of us operating networks would really like is a document like
the one under consideration to point software vendors at and say "We as
ISPs need you to support this so we can support your customers."
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf