Re: [yam] Interop problem: SMTP submission, STARTTLS, AUTH EXTERNAL

Tony Hansen <tony@att.com> Thu, 06 May 2010 21:46 UTC

Ned, do you think an update to 4954 (SMTP Service Extension for 
Authentication) plus an update to 4422 (SASL, where AUTH EXTERNAL is 
defined) would suffice?

While the issue does affect 4409 (Submit), I'm still not convinced that 
the issue needs to be solved in a 4409 update.

     Tony

On 5/6/2010 4:20 PM, Ned Freed wrote:
>> So I will accept an argument that AUTH EXTERNAL provides little value
>> specifically to SMTP (beyond an explicit protocol indication that the
>> client certificate was acceptable for SMTP-level authentication to the
>> server, something that helps the client to produce better end-user
>> diagnostics), which is why I proposed option 2.  But I do consider AUTH
>> EXTERNAL an important mechanism in general.
>
> Agreed. I personally prefer to have a consistent approach across protocols,
> which would argue for option 1 or 3, not 2, but I don't think the "it can all
> be dealt with in an AUTH EXTERNAL update" idea passes technical muster.
>
>                 Ned