Re: [apps-discuss] [EAI] RFC5336 and VRFY/EXPN (was: Re: apps-team review of draft-ietf-eai-rfc5336bis)
John C Klensin <klensin@jck.com> Mon, 27 December 2010 18:47 UTC
Return-Path: <klensin@jck.com>
X-Original-To: apps-discuss@core3.amsl.com
Delivered-To: apps-discuss@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 10A2B3A67B4; Mon, 27 Dec 2010 10:47:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.514
X-Spam-Level:
X-Spam-Status: No, score=-2.514 tagged_above=-999 required=5 tests=[AWL=0.085, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LFz-GYd4n9EG; Mon, 27 Dec 2010 10:47:07 -0800 (PST)
Received: from bs.jck.com (ns.jck.com [209.187.148.211]) by core3.amsl.com (Postfix) with ESMTP id 8EF5E3A67A7; Mon, 27 Dec 2010 10:47:06 -0800 (PST)
Received: from [127.0.0.1] (helo=localhost) by bs.jck.com with esmtp (Exim 4.34) id 1PXI83-000Njv-Hx; Mon, 27 Dec 2010 13:49:07 -0500
X-Vipre-Scanned: 058133FB001DEB05813548-TDI
Date: Mon, 27 Dec 2010 13:49:06 -0500
From: John C Klensin <klensin@jck.com>
To: Al Costanzo <al@akc.com>, Ned Freed <ned.freed@mrochek.com>
Message-ID: <7C0660F7DFFE9C1990252217@[192.168.1.128]>
In-Reply-To: <3F5293BF906846C89013734B3D6262D9@upstairs>
References: <Pine.OSX.4.64.1012221602490.40683@mac-allocchio3.elettra.trieste.it> <01NVQAP0UQRU007CHU@mauve.mrochek.com> <227C2506194609988B81BE4F@PST.JCK.COM> <01NVVQNSWU7U007CHU@mauve.mrochek.com> <3F5293BF906846C89013734B3D6262D9@upstairs>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Cc: ima@ietf.org, apps-discuss@ietf.org
Subject: Re: [apps-discuss] [EAI] RFC5336 and VRFY/EXPN (was: Re: apps-team review of draft-ietf-eai-rfc5336bis)
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Dec 2010 18:47:08 -0000
--On Monday, December 27, 2010 12:00 AM -0500 Al Costanzo <al@akc.com> wrote: >... > Ned, > > If my memory servers me, (and it may not), > > There were good reasons why VRFY supported this. I dont know > if any are valid anymore but one idea was that you could send > the persons name, not the email address, to find out if that > person had an email address on that system. and what that address was, of course. This was heavily used for a while with both VRFY and, separately with finger, to get from name to email address. The advantage of the VRFY approach was that it would permit a user to enter an address that might look like "John Klensin@example.com" at which point the MUA would send VRFY John Klensin to the mail server at example.com, get back an address, and then open a mail session. Of course, Ned's observations about lousy support (with which I agree) notwithstanding, the variation of VRFY "John\ Klensin" would have been fully 821-compliant. I vaguely remember one MUA that would send the first (escape-less) version and then send the second if the reply from the first was "no 'John; here" or "syntax error" rather than "no 'John Klensin' here". The heuristic is pretty trivial. That use of VRFY became less popular as MUAs became more separate from first-hop full service MTA (aka submission servers) because that sort of use of VRFY pretty much requires at least some SMTP capability (including domain name lookups, coping with MXs, etc.) in the MUAs, ability to use port 25 connections from just about anywhere, etc. I don't know whether the usage is gone entirely, but it is certainly a lot less common than it appeared to be many years ago. > Was this not the reason Ned to allow blanks (whitespace) and > unquoted strings? If you remove this from the spec, this > functionality would be lost, I don't really see a reason to > lose something that works. Especially if the clock could be turned back, one could allow only the single form VRFY "John Klensin" just getting rid of the bare, unquoted, backslash escape that was permitted by 821 but that 5321 already excludes. >>> RFC 5321, Section 4.1.4, explicitly >>> permits sending VRFY or EXPN without first having EHLO in the >>> session. So there is another implicit requirement in all of >>> this that should almost certainly be made explicit. > I do not remember VRFY command requiring the EHELO, there are > a number of mailing list verifiers that do not send the EHELO > first. It never has been a requirement although sending EHLO (or HELO) first has always been harmless. Either 5321 or 2821 simply made it very clear that there was no such requirement. > Verifiers, since they do not actually send email, > usually dont send the EHELO first. (our application does) and > I think requiring the EHELO first as part of a handshake it > the proper way to do this. That is one issue on the side of "new command". If one now decides to require EHLO first, then all existing uses of VRFY without it (which conform perfectly well to 5321 and all of its predecessors) become invalid, That is pretty uncomfortable to me. By contrast, if one creates the new command, then, if the response to EHLO includes some sort of EXTENDED-VRFY capability (see below), one could have: -- VRFY without EHLO as requesting the 5321 behavior (with or without non-conforming extensions or flexibility and with responses limited to ASCII). -- EHLO, then VRFY as requesting the 5321 behavior, identical to that above. -- EHLO, then New-VRFY as requiring a strict Atom or Quoted-string optionally followed by a parameter list. Note that, if the non-conforming client behavior we know is out there is used, then VRFY Costanzo 8BITREPLIES-OK or equivalent could be interpreted by the server as either of VRFY "Constanzo\ 8BITREPLIES-OK" or as coming with a parameter, or as a syntax error, in either VRFY case. Not really a good idea, IMO, and at least one reason we have not permitted the use of extended parameters with older SMTP commands with EHLO and capability permission. Note too that the last paragraph of RFC 5321 Section 3.5.1 is, in part and while not explicit, a caution against treating the standard syntax too literally or narrowly. We could, in principle, do a completely new command without involving the extension mechanism at all, thereby allowing sending it before or without EHLO, but that strikes me as a really scary idea. > Only my humble opinon. Only mine also -- I really don't have my mind made up about this and am just trying to get the various arguments in front of the WG. john p.s. I agree with what I take to be at least a corollary to Ned's remarks: having EAI create special-purpose commands that are not very narrowly tied to i18n issues would be a bad idea. If there is any perceived need for a new command, we ought to define in a separate I-D, as (impossible keyword is deliberate to clarify that this is not a proposal) NewVRFY String *(SP esmtp-param) with String given only the 5321 interpretation, not the 821 one, and then process that command through the SMTP list, etc. If that appeals to anyone, I might generate a strawman just to facilitate the discussion.
- [apps-discuss] Analysis of comments on 5336bis (w… John C Klensin
- Re: [apps-discuss] [EAI] RFC5336 and VRFY/EXPN Alexey Melnikov
- [apps-discuss] apps-team review of draft-ietf-eai… Claudio Allocchio
- Re: [apps-discuss] [EAI] apps-team review of draf… Ned Freed
- Re: [apps-discuss] [EAI] apps-team review of draf… Ned Freed
- [apps-discuss] RFC5336 and VRFY/EXPN (was: Re: [E… John C Klensin
- Re: [apps-discuss] [EAI] RFC5336 and VRFY/EXPN (w… Ned Freed
- Re: [apps-discuss] [EAI] RFC5336 and VRFY/EXPN (w… Al Costanzo
- Re: [apps-discuss] [EAI] RFC5336 and VRFY/EXPN (w… Ned Freed
- Re: [apps-discuss] [EAI] RFC5336 and VRFY/EXPN (w… John C Klensin