On Sat, Aug 04, 2007 at 04:09:57PM -0400, John C Klensin wrote: > > The difficulty, IMO, is that since many of the "policy" > decisions have been made in practice to provide better security, > the distinction may not be clear and splitting things into > multiple codes may do as much to obscure what is going on as to > clarify it. As the obvious example, if I reject a message > because I've concluded that the apparent sender is often a > source of malware, but without having examined the message > sufficiently to make a solid determination of whether malware is > present in it, is that "security" or "policy"? Conversely, if I > detect malware as being present and identify it and then reject > the message, is that "security" or a "policy" of blocking known > malware at the MTA rather than letting user anti-virus software > sort it out?
IMO, both examples are policy. Since future codes must be registered, group consensus would put things in the proper place. > I don't have a major objection to the proposed change, and > better documentation is always A Good Thing, but, especially > since there would be no way to tell whether a legacy system > emitting at 5.7.z code had been upgraded or not, I'm not > convinced that the benefits of this are worth the effort. I don't understand the upgrade concern. If x.7.13 isn't widely used the current meaning could be safely moved to x.8.3. x.7.1 and x.7.2 stay defined as they are today. x.8.1 and x.8.2 are just the equivalent of x.7.1 and x.7.2. The RFC would say implementations SHOULD use x.8.1 and x.8.2 instead of x.7.1 and x.7.2. Perhaps an update could change that SHOULD to a MUST 10 years from now. John and Ned, you both mentioned 'worth the effort'. Is that because you both believe the RFC wouldn't be an "Independent Submission"? I'm very new to this whole process, so forgive me if this is a stupid question. -- :: Jeff Macdonald | Principal Engineer, Messaging Technologies :: e-Dialog | [EMAIL PROTECTED] :: 131 Hartwell Ave. | Lexington, MA 02421 :: v: 781-372-1922 | f: 781-863-8118 :: www.e-dialog.com
