Hastings, Tom N wrote:
>> About your concerns about whether or not the mailto Delivery Method should
> REQUIRE SMTP (forget about the issue of SASL)? Your concern is puzzling to
> me, since:
It's been a long time since I reviewed the mailto spec; my apologies
for forgetting that the current spec specifically requires SMTP
support. I reread things this morning, along with some notes I
made when I first reviewed things...
In the context of the current discussion, my specific concern is
with requiring SASL over SMTP, since most implementations on top of
existing operating systems will use an existing interface for
deliverying email. Under UNIX, this is typically via sendmail or
a sendmail-like system which supports email via local folders,
SMTP, UUCP, etc. Windows has MAPI, and so forth.
The current wording allows for that type of implementation, since
SMTP support can reasonably be expected from the OS or email
However, SASL support is often *not* available, and in the
context of local delivery APIs is simply not applicable.
Requiring SASL support in addition to SMTP has at least two
implications for developers:
1. It may require implementers to develop fairly complicated
code to deal with both SMTP and SASL directly, if the
underlying mail API does not support it (I know of no
mail API that does)
2. It puts an additional burdon of keeping authentication
information on the IPP server in order to deliver
mailto notifications, which potentially defeats the
security mechanisms provided by SASL
In addition, I know of several of our customers that would be
forced to audit or remove our mailto notifier software since
they are not allowed to have "unapproved" mail software on
their systems. Since using the existing OS mail interfaces
bypasses this constraint nicely, sticking with the OS mail
interface and not providing a specific SMTP+SASL implementation
of our own is in our best interests.
> Do you object to any of these conformance statements in the current
> IPP mailto spec? Should we change these statements in the current
> mailto spec?
It might be nice to include a statement along the lines of:
It is expected that some implementations of the mailto
notification scheme will utilize existing electronic mail
services or interfaces on the host operating system that
can provide SMTP delivery.
However, I don't think it is required, just that any mention of
SASL use MAY or SHOULD, but not REQUIRED.
Michael Sweet, Easy Software Products mike at easysw.com
Printing Software for UNIX http://www.easysw.com