Having as few protocol commands as possible actually trigger a state change makes it simpler to verify correct implementation.

Well, gee, in your model one command triggers a state change. In my model, zero commands trigger a state change -- if you're externally authorized, you're authorized and you go ahead and do what you're going to do.

SMTP doesn't get this benefit as long as we support legacy submission, but Submission port 587 can have this benefit.

Huh? Only if you want to break every ISP's SUBMIT server which implicitly auth's anyone connecting from an IP inside the ISP's network, or that uses POP-before-SUBMIT.

To look at it another way, maybe I'm missing something, but it is my impression that if AUTH EXTERNAL fails in whatever protocol, you're going to report back to the user that he's not authorized and give up. How is that better than the de facto alternative, where you get the same response and the same action when you try to do something? You're not saving any code; the commands to do something are going to have to check that they're authorized either way.

R's,
John
_______________________________________________
yam mailing list
https://www.ietf.org/mailman/listinfo/yam
