Re: [apps-discuss] APPSDIR review of draft-melnikov-smtp-priority-13

Pete Resnick <> Tue, 29 May 2012 15:04 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 72BD921F8667; Tue, 29 May 2012 08:04:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -105.455
X-Spam-Status: No, score=-105.455 tagged_above=-999 required=5 tests=[AWL=1.144, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id xrQCMmcm56zZ; Tue, 29 May 2012 08:04:24 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id BA23821F8621; Tue, 29 May 2012 08:04:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;;; q=dns/txt; s=qcdkim; t=1338303864; x=1369839864; h=message-id:date:from:user-agent:mime-version:to:cc: subject:references:in-reply-to:content-type: content-transfer-encoding:x-originating-ip; bh=4avYMMrYOkKzALCakmOJdMItE3Yaa5a5N35IXf56yaw=; b=BTYyQtlAxWvfCHMbauvMnOCBSxOrQX/blJJJ4YXzvt0N/rnvtuOuaUky HNkZwnop8+UM8MpgzfqqK4ThJDJxzVg5mgyuOMIy2kln23t/MQU1N3Rx+ oCrFFcFDUmYsNBURHxDxHxApIP0ItlCZOyyuH9w0wgadtj6crwIyHy3VY 8=;
X-IronPort-AV: E=McAfee;i="5400,1158,6725"; a="193252268"
Received: from ([]) by with ESMTP; 29 May 2012 08:04:23 -0700
X-IronPort-AV: E=Sophos;i="4.75,677,1330934400"; d="scan'208";a="159416906"
Received: from ([]) by with ESMTP/TLS/RC4-SHA; 29 May 2012 08:04:23 -0700
Received: from Macintosh-4.local ( by ( with Microsoft SMTP Server (TLS) id; Tue, 29 May 2012 08:04:23 -0700
Message-ID: <>
Date: Tue, 29 May 2012 10:04:20 -0500
From: Pete Resnick <>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv: Gecko/20100630 Eudora/3.0.4
MIME-Version: 1.0
To: Barry Leiba <>
References: <> <>
In-Reply-To: <>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Originating-IP: []
Cc:, S Moonesamy <>,,
Subject: Re: [apps-discuss] APPSDIR review of draft-melnikov-smtp-priority-13
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 29 May 2012 15:04:25 -0000

On 5/21/12 6:39 PM, Barry Leiba wrote:
>>>   Message Submission Agents MUST implement a policy that only allows
>>>   authenticated users (or only certain groups of authenticated users)
>>>   to specify message transfer priorities, and MAY restrict maximum
>>>   priority values different groups of users can request, or MAY
>>>   override the priority values specified by MUAs.
>> I would have used a "SHOULD only allow authenticated users" and explain that
>> there is a policy override.  It's to get around the "MUST implement a
>> policy".
> I think I actually prefer it the way it is, because it highlights the
> key point that this is all a policy decision.  If, in fact, an
> implementation should allow a policy that everyone's considered
> authenticated, and some deployment should choose that policy, I'd be
> fine with it... because they have chosen their policy.

But then the "MUST implement a policy that only allows authenticated 
users" would be bogus, because they didn't do that.

On 5/24/12 3:30 AM, Alexey Melnikov wrote:

> I tend to agree with Barry that this should remain MUST.

To agree with SM to an extent: If it needs to be a MUST, why is it not 
"Message Submission Agents MUST only allow authenticated users..."? 
What's with the "implement a policy" thing?

I think you have to make a decision here: If you think that it harms 
things to have unauthenticated users specifying priorities, say "MUST 
only allow authenticated users". If you think that it's OK to set policy 
to allow anyone, say, "SHOULD only allow authenticated users" and 
explain that policy can change that. I have no idea how the current text 
is reasonably actionable.


Pete Resnick<>
Qualcomm Incorporated - Direct phone: (858)651-4478, Fax: (858)651-1102