IPP> Re: Mandatory Delivery Method for Notifications - Comments by Ap ril 15]

IPP> Re: Mandatory Delivery Method for Notifications - Comments by Ap ril 15]

IPP> Re: Mandatory Delivery Method for Notifications - Comments by Ap ril 15]

Michael Sweet mike at easysw.com
Thu Apr 11 09:05:54 EDT 2002


Hastings, Tom N wrote:
> Michael,
> 
> About your concerns about whether or not the mailto Delivery Method should
> REQUIRE SMTP (forget about the issue of SASL)?  Your concern is puzzling to
> me, since:
> ...

It's been a long time since I reviewed the mailto spec; my apologies
for forgetting that the current spec specifically requires SMTP
support.  I reread things this morning, along with some notes I
made when I first reviewed things...

In the context of the current discussion, my specific concern is
with requiring SASL over SMTP, since most implementations on top of
existing operating systems will use an existing interface for
deliverying email.  Under UNIX, this is typically via sendmail or
a sendmail-like system which supports email via local folders,
SMTP, UUCP, etc.  Windows has MAPI, and so forth.

The current wording allows for that type of implementation, since
SMTP support can reasonably be expected from the OS or email
system.

However, SASL support is often *not* available, and in the
context of local delivery APIs is simply not applicable.

Requiring SASL support in addition to SMTP has at least two
implications for developers:

     1. It may require implementers to develop fairly complicated
        code to deal with both SMTP and SASL directly, if the
        underlying mail API does not support it (I know of no
        mail API that does)

     2. It puts an additional burdon of keeping authentication
        information on the IPP server in order to deliver
        mailto notifications, which potentially defeats the
        security mechanisms provided by SASL

In addition, I know of several of our customers that would be
forced to audit or remove our mailto notifier software since
they are not allowed to have "unapproved" mail software on
their systems.  Since using the existing OS mail interfaces
bypasses this constraint nicely, sticking with the OS mail
interface and not providing a specific SMTP+SASL implementation
of our own is in our best interests.

 > ...
> Do you object to any of these conformance statements in the current
 > IPP mailto spec?  Should we change these statements in the current
 > mailto spec?

It might be nice to include a statement along the lines of:

     It is expected that some implementations of the mailto
     notification scheme will utilize existing electronic mail
     services or interfaces on the host operating system that
     can provide SMTP delivery.

However, I don't think it is required, just that any mention of
SASL use MAY or SHOULD, but not REQUIRED.

-- 
______________________________________________________________________
Michael Sweet, Easy Software Products                  mike at easysw.com
Printing Software for UNIX                       http://www.easysw.com




More information about the Ipp mailing list