IPP Mail Archive: IPP> Re: Mandatory Delivery Method for Not

IPP Mail Archive: IPP> Re: Mandatory Delivery Method for Not

IPP> Re: Mandatory Delivery Method for Notifications - Comments by Ap ril 15]

From: Michael Sweet (mike@easysw.com)
Date: Thu Apr 11 2002 - 09:05:54 EDT

  • Next message: Ted Tronson: "RE: IPP> RE: Mandatory Delivery Method for Notifications - Comments by April 15"

    Hastings, Tom N wrote:
    > Michael,
    >
    > About your concerns about whether or not the mailto Delivery Method should
    > REQUIRE SMTP (forget about the issue of SASL)? Your concern is puzzling to
    > me, since:
    > ...

    It's been a long time since I reviewed the mailto spec; my apologies
    for forgetting that the current spec specifically requires SMTP
    support. I reread things this morning, along with some notes I
    made when I first reviewed things...

    In the context of the current discussion, my specific concern is
    with requiring SASL over SMTP, since most implementations on top of
    existing operating systems will use an existing interface for
    deliverying email. Under UNIX, this is typically via sendmail or
    a sendmail-like system which supports email via local folders,
    SMTP, UUCP, etc. Windows has MAPI, and so forth.

    The current wording allows for that type of implementation, since
    SMTP support can reasonably be expected from the OS or email
    system.

    However, SASL support is often *not* available, and in the
    context of local delivery APIs is simply not applicable.

    Requiring SASL support in addition to SMTP has at least two
    implications for developers:

         1. It may require implementers to develop fairly complicated
            code to deal with both SMTP and SASL directly, if the
            underlying mail API does not support it (I know of no
            mail API that does)

         2. It puts an additional burdon of keeping authentication
            information on the IPP server in order to deliver
            mailto notifications, which potentially defeats the
            security mechanisms provided by SASL

    In addition, I know of several of our customers that would be
    forced to audit or remove our mailto notifier software since
    they are not allowed to have "unapproved" mail software on
    their systems. Since using the existing OS mail interfaces
    bypasses this constraint nicely, sticking with the OS mail
    interface and not providing a specific SMTP+SASL implementation
    of our own is in our best interests.

    > ...
    > Do you object to any of these conformance statements in the current
    > IPP mailto spec? Should we change these statements in the current
    > mailto spec?

    It might be nice to include a statement along the lines of:

         It is expected that some implementations of the mailto
         notification scheme will utilize existing electronic mail
         services or interfaces on the host operating system that
         can provide SMTP delivery.

    However, I don't think it is required, just that any mention of
    SASL use MAY or SHOULD, but not REQUIRED.

    -- 
    ______________________________________________________________________
    Michael Sweet, Easy Software Products                  mike@easysw.com
    Printing Software for UNIX                       http://www.easysw.com
    



    This archive was generated by hypermail 2b29 : Thu Apr 11 2002 - 09:08:00 EDT