Message Submission for Mail
RFC 4409

Note: This ballot was opened for revision 02 and is now closed.

(Harald Alvestrand) Discuss

Discuss (2005-03-03 for -)
1) The "MUST implement" vs "MUST use" discussion from the IETF list needs to have a resolution.
2) Spencer Dawkins' review contains a few things that need cleaning up.

My preferred resolution to the "MUST SMTP-AUTH" issue is to reformulate section 4.3 something like this:

4.3.  Require Authentication
    A conforming MSA implementation MUST implement [SMTP-AUTH].
    The RECOMMENDED deployment practice is to configure the MSA so that it
    issues an error response to the MAIL FROM command if the
    session has not been authenticated using [SMTP-AUTH], unless it has
    already independently established authentication or authorization
    (such as being within a protected subnetwork).

My opinion is that the IETF cannot outlaw stupidity in configuration; we should try to say that you can't ship conformant products that REQUIRE you to be stupid.
Comment (2005-03-03 for -)
Reviewed by Spencer Dawkins, Gen-ART

(Ted Hardie) Yes

(Scott Hollenbeck) Yes

(Brian Carpenter) No Objection

Comment (2005-04-19)
Re Harald's DISCUSS, I will clear it if we can change the first sentence of 4.3:

>>> 4.3.  Require Authentication
>>>    The MSA MUST issue an error response...

     The MSA MUST by default issue an error response...
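
The rule debated above for section 4.3 (an error response to MAIL FROM unless the session is authenticated or the client is independently authorized, on by default), sketched as an added example that is not part of the ballot text or the RFC. The class name, the `credentials_ok` stand-in for the SASL exchange, and the sample addresses are assumptions made for illustration.

```python
import ipaddress


class MsaSession:
    """Holds only the state the section 4.3 rule depends on (hypothetical class)."""

    def __init__(self, peer_ip, require_auth=True, protected_nets=()):
        self.peer = ipaddress.ip_address(peer_ip)
        # True mirrors the "by default" wording; an operator may switch it off.
        self.require_auth = require_auth
        # Networks the operator treats as independently authorized (assumption).
        self.protected = [ipaddress.ip_network(n) for n in protected_nets]
        self.authenticated = False

    def may_submit(self):
        """True if MAIL FROM is allowed for this session."""
        if not self.require_auth or self.authenticated:
            return True
        return any(self.peer in net for net in self.protected)

    def handle(self, line, credentials_ok=False):
        """Return the reply to one command line.

        credentials_ok stands in for the outcome of the SASL exchange,
        which is out of scope for this sketch.
        """
        cmd = line.strip().upper()
        if cmd.startswith("AUTH "):
            if self.authenticated:
                # A second AUTH after a successful one is rejected.
                return "503 5.5.1 Already authenticated"
            self.authenticated = credentials_ok
            return ("235 2.7.0 Authentication successful" if credentials_ok
                    else "535 5.7.8 Authentication credentials invalid")
        if cmd.startswith("MAIL FROM:"):
            return ("250 2.1.0 Ok" if self.may_submit()
                    else "530 5.7.0 Authentication required")
        return "250 Ok"


if __name__ == "__main__":
    # Constructed sessions using documentation address ranges, not real hosts.
    outside = MsaSession("198.51.100.7", protected_nets=["192.0.2.0/24"])
    for cmd, ok in [("MAIL FROM:<a@example.test>", False),
                    ("AUTH PLAIN placeholder", True),
                    ("MAIL FROM:<a@example.test>", False)]:
        print(cmd, "->", outside.handle(cmd, credentials_ok=ok))
    inside = MsaSession("192.0.2.25", protected_nets=["192.0.2.0/24"])
    print("inside ->", inside.handle("MAIL FROM:<b@example.test>"))
```
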

(Margaret Cullen) No Objection

(Bill Fenner) (was Discuss) No Objection

(Sam Hartman) No Objection

(Russ Housley) No Objection

Comment (2005-03-01 for -)
  Section 3.3 says:
  > Secure IP [IPSEC] can also be used, and provides additional benefits
  > of protection against eavesdropping and traffic analysis.
  The level of protection against traffic analysis is pretty low.
  While the observer cannot see the email headers or body, the
  observer can see the volume and timing of traffic from each
  client to the MSA.

(David Kessens) No Objection

(Allison Mankin) No Objection

Comment (2005-03-03 for -)
Did people notice the NANOG thread begun by Sean Donelan on Feb 15 and continuing through Mar 2:
"Why do so few mail providers support Port 587?" - praise of this protocol, and questions on
deployment. Much discussion.

(Thomas Narten) No Objection

(Jon Peterson) No Objection

Comment (2005-03-03 for -)
The title and abstract of this document use the term 'message' as if it would be immediately understood that this refers to email messages. There are many other sorts of messages used on the Internet today. I think it is important for the title and abstract to identify explicitly the application with which this document is concerned.

(Alex Zinin) No Objection