On Tue, Apr 28, 2020 at 05:10:21PM -0400, John R Levine wrote:
> On Tue, 28 Apr 2020, John C Klensin wrote:
> > While I don't think it would be useful in any realistic case I
> > can think of, I don't think anything in RFC 4954 would prevent a
> > delivery-end server from advertising the extension and an
> > intermediate MTA relay from using it. That would provide some
> > validation of (or independent of) the argument to the EHLO
> > command that did not depend on IP addresses. ...
>
> Sure, it's easy to imagine ways one might make arrangements like that.
> Since SMTP AUTH uses SASL you're mostly limited to shared secrets with
> counterparties you already know. (I say mostly since in principle SASL
> can use OpenID although I don't know anyone who does.)

The bits in draft-ietf-kitten-sasl-saml-ec do get used (IIRC with SASL,
though the doc supports GSS-API as well), but I don't think that's for
mail.

-Ben