I've just reviewed the ongoing arguments about the draft in question and re-read the draft itself.
What strikes me is the level of argument over one section that could easily be adjusted. I would recommend adjusting section 5 to say: "The strongest available secure authentication mechanism is recommended". Let's face it, the SMTP AUTH options are driven from the referenced protocol documents (RFC2554).
Can we move on and get this document completed? Can we get the security folks to help work on the next generation of RFC2554? It's time to decouple that from a document that says "Use the Submission protocol so we can support customers who're roaming, and ensure we aren't also permitting spam relay."
What those of us operating networks would really like is a document like the one under consideration to point software vendors at and say "We as ISPs need you to support this so we can support your customers."
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf