On Wed, 24 Jan 2007, The IESG wrote:
The IESG has received a request from an individual submitter to consider
the following document:
- 'POP3 SASL Authentication Mechanism '
<draft-siemborski-rfc1734bis-10.txt> as a Proposed Standard
My apologies to the authors for not commenting on this document earlier.
Both this document and the related draft-siemborski-rfc2554bis discuss how
the client can cancel an authentication exchange by sending a line with a
single "*", but then fail to permit that in the ABNF of what the client
sends. The 'auth-resp' production might have been part of an attempt to
permit that, but it's not referenced or explained. I therefore suggest
dropping the dangling 'auth-resp' line and changing this production:
auth-command = "AUTH" SP sasl-mech [SP (base64 / "=")] *(CRLF
[base64]) CRLF
to something like
auth-command = "AUTH" SP sasl-mech [SP (base64 / "=")]
*(CRLF [base64]) [ CRLF "*" ] CRLF
or better: it should be consistent with the other document,
draft-siemborski-rfc2554bis, and have a production for the initial
response. One for the cancel response would clarify the usage:
auth-command = "AUTH" SP sasl-mech [SP initial-response]
*(CRLF [base64]) [CRLF cancel-response] CRLF
initial-response= base64 / "="
cancel-response = "*"
A similar change should be made to the rfc2554bis draft.
Otherwise, I support the advancement of this document. It's definitely an
improvement over the existing scattering of documents.
Philip Guenther
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf