Re: [apps-discuss] APPSDIR review of draft-melnikov-smtp-priority-13

Alexey Melnikov <> Wed, 30 May 2012 17:07 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1E59C21F8627; Wed, 30 May 2012 10:07:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -102.527
X-Spam-Status: No, score=-102.527 tagged_above=-999 required=5 tests=[AWL=0.072, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ziIfV3MCSdFd; Wed, 30 May 2012 10:07:48 -0700 (PDT)
Received: from ( [IPv6:2a00:14f0:e000:7c::2]) by (Postfix) with ESMTP id 0BEBD21F8623; Wed, 30 May 2012 10:07:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1338397667;; s=selector;; bh=1UhU2N+uQaFDSLtCbE93wBi06Ya10RAXFGXnEi9/KVw=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=uE3BfkzQ/kQ/sYUEebRUw0Yla7ar1Hc1Wq0oFW8FgKqGjM1+CFExgKb3uA0LNbzGvew+QK HKd4YubdVaFB8Z7XpxvAEaorSc7ukWELmHN21zzKMIRlp2EMHRzOUuAEkYHsGNAh5+cCKC 9kWYGeKegBDj+jSOkXPRHeVPIkvGov4=;
Received: from [] ( []) by (submission channel) via TCP with ESMTPSA id <>; Wed, 30 May 2012 18:07:47 +0100
X-SMTP-Protocol-Errors: PIPELINING
Message-ID: <>
Date: Wed, 30 May 2012 18:07:44 +0100
From: Alexey Melnikov <>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2
To: Pete Resnick <>
References: <> <> <>
In-Reply-To: <>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc:, Barry Leiba <>, S Moonesamy <>,,
Subject: Re: [apps-discuss] APPSDIR review of draft-melnikov-smtp-priority-13
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 30 May 2012 17:07:49 -0000

On 29/05/2012 16:04, Pete Resnick wrote:
> On 5/21/12 6:39 PM, Barry Leiba wrote:
>>>>   Message Submission Agents MUST implement a policy that only allows
>>>>   authenticated users (or only certain groups of authenticated users)
>>>>   to specify message transfer priorities, and MAY restrict maximum
>>>>   priority values different groups of users can request, or MAY
>>>>   override the priority values specified by MUAs.
>>> I would have used a "SHOULD only allow authenticated users" and 
>>> explain that
>>> there is a policy override.  It's to get around the "MUST implement a
>>> policy".
>> I think I actually prefer it the way it is, because it highlights the
>> key point that this is all a policy decision.  If, in fact, an
>> implementation should allow a policy that everyone's considered
>> authenticated, and some deployment should choose that policy, I'd be
>> fine with it... because they have chosen their policy. 
> But then the "MUST implement a policy that only allows authenticated 
> users" would be bogus, because they didn't do that.
> On 5/24/12 3:30 AM, Alexey Melnikov wrote:
>> I tend to agree with Barry that this should remain MUST.
> To agree with SM to an extent: If it needs to be a MUST, why is it not 
> "Message Submission Agents MUST only allow authenticated users..."? 
> What's with the "implement a policy" thing?
> I think you have to make a decision here: If you think that it harms 
> things to have unauthenticated users specifying priorities, say "MUST 
> only allow authenticated users". If you think that it's OK to set 
> policy to allow anyone, say, "SHOULD only allow authenticated users" 
> and explain that policy can change that. I have no idea how the 
> current text is reasonably actionable.

I mostly used the current wording to avoid discussing what is 
authentication. I didn't mean "authentication with SMTP AUTH", because 
authentication by IP address is quite common (and sufficient in some