Re: [yam] draft-daboo-srv-email: POP3S/IMAPS?

[Sabahattin Gucukoglu <mail@sabahattin-gucukoglu.com>]

On 17 Jan 2010, at 17:35, Ned Freed wrote:
>> Shouldn't we be seriously discouraging that usage?
> 
> Perhaps. But a provisioning mechanism specification isn't the place to do it.
> 
The specification, if it describes the method of "Wrapped SSL", must explain what's wrong with it, and we know too well what's wrong with it (implementation specific behaviours, IANA problems, negotiation problems, although the latter is addressed in part by this very specification).  If it doesn't describe a specification that the IETF wrote or vouches for, then that specification needs to be written.  Otherwise, it shouldn't specify its usage at all.

Happily, this specification *does* explain the procedure for wrapping POP/IMAP/SMTP inside a directly-negotiated SSL stream, so all that's required now is to explain why, in all this time, we haven't documented it before now.  Perhaps we can even kill two birds with one stone. :-)

> If you want to promote or discourage a particular approach to deploying network
> services, you need to do it directly. Write a "IMAPS/POPS considered harmful"
> draft and get it published.
> 
See above; I have no problem with propitiating those who choose to do it wrong, but only so long as they don't do it very wrong, and hurt lots of innocent bystanders who obey well-written rules as a consequence of their own desires.  The deployment or not of broken vs correct behaviour will speak for itself, and I have no problem with that.  But neither should we simply allow for the specification of broken behaviour without a cautionary note.

Cheers,
Sabahattin