Philip Guenther wrote:
On Wed, 24 Jan 2007, The IESG wrote:
The IESG has received a request from an individual submitter to consider
the following document:
- 'POP3 SASL Authentication Mechanism '
<draft-siemborski-rfc1734bis-10.txt> as a Proposed Standard
My apologies to the authors for not commenting on this document earlier.
Both this document and the related draft-siemborski-rfc2554bis discuss
how the client can cancel an authentication exchange by sending a line
with a single "*", but then fail to permit that in the ABNF of what
the client sends.
Hi Philip,
Good catch.
The 'auth-resp' production might have been part of an attempt to
permit that, but it's not referenced or explained. I therefore
suggest dropping the dangling 'auth-resp' line and changing this
production:
auth-command = "AUTH" SP sasl-mech [SP (base64 / "=")] *(CRLF
[base64]) CRLF
to something like
auth-command = "AUTH" SP sasl-mech [SP (base64 / "=")]
*(CRLF [base64]) [ CRLF "*" ] CRLF
or better: it should be consistent with the other document,
draft-siemborski-rfc2554bis, and have a production for the initial
response. One for the cancel response would clarify the usage:
auth-command = "AUTH" SP sasl-mech [SP initial-response]
*(CRLF [base64]) [CRLF cancel-response] CRLF
initial-response= base64 / "="
cancel-response = "*"
A similar change should be made to the rfc2554bis draft.
I've done this change to my copy of rfc2554bis.
Thanks!
Otherwise, I support the advancement of this document. It's
definitely an improvement over the existing scattering of documents.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf