Re: Last Call: draft-siemborski-rfc2554bis (SMTP Service Extension for A

On Wed, 24 Jan 2007, The IESG wrote:

The IESG has received a request from an individual submitter to consider
the following document:

- 'SMTP Service Extension for Authentication '
  <draft-siemborski-rfc2554bis-07.txt> as a Proposed Standard

draft-siemborski-rfc2554bis does not appear to contain any text similar tothe last paragraph of section 4 in the rfc1734bis draft, requiring serversto support a configuration that does not permit passive password snooping.

I disagree with the choice of DIGEST-MD5 as the mandatory-to-implementmechanism. Given that many of the other protocols likely to be used by anSMTP client, such as POP3, IMAP4rev1, and LDAP, have chosen to specify"TLS followed by a cleartext password authentication" as their MtIauthentication method, specifying DIGEST-MD5 here seems like a needlessdifference. I see no reason to believe DIGEST-MD5 will be more deployablein SMTP/submission servers than in IMAP, POP3, or LDAP servers.



Philip Guenther

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

Re: [Ipsec] RE: MUST implement AES-CBC for IPsec ESP, Vishwas Manral

Next by Date:

Re: Last Call: draft-siemborski-rfc1734bis (POP3 SASL Authentication Mechanism) to Proposed Standard, Philip Guenther

Previous by Thread:

IETF IP Contribution Policy, Lawrence Rosen

Next by Thread:

Re: Last Call: draft-siemborski-rfc2554bis (SMTP Service Extension for Authentication) to Proposed Standard, Lisa Dusseault

Indexes:

[Date] [Thread] [Top] [All Lists]