On 2 Nov 2024, at 14:34, Eric Rescorla wrote:
I see this document as something of an intermediate case: while SMTP
is of course part of a broader suite of mail protocols, this is the
document that is concerned with transport and so it would probably be
better to have the material that is also related to transport such as
STARTTLS in this document specifically. OTOH, given the long history
of this document and the existence of the A/S, I also think it would
be OK to have a more consolidated security discussion there, provided
that it's actually normatively referneced by this document.What I don't think is reasonable is to have that material appear
nowhere or outside of the normative references, because that doesn't
fulfill the overall objective of having them as part of the protocol
description. Note that I'm not asking here for any new normative
text--although I know others have suggested it--but merely for a clear
description of the situation, as described in RFC 3552.Would it be sufficient to have the A/S marked as "Updates: 5321bis"?
The concern I have is that we can't have a document at Internet Standard normatively referencing a Proposed Standard. I'm pretty sure that the A/S can be pretty quickly moved to IS and added to STD 10, but holding up the publication of 5321bis (and not finally getting 821 out as the IS reference for SMTP) would be less than ideal.
pr
--
Pete Resnick https://www.episteme.net/
All connections to the world are tenuous at best
-- last-call mailing list -- last-call@xxxxxxxx To unsubscribe send an email to last-call-leave@xxxxxxxx
