Bruce Guenter <[EMAIL PROTECTED]> writes:
> The needs I am aware of include:
> - the basics of POP3 plus...
>    [snip]
> - hierarchical multiple mailbox support

That should include something that makes sense for a host that's behind a
firewall and/or NAT and/or dynamic-IP dialup to authenticate and download
mail for multiple users (to basically do what people try to do with
fetchmail/multidrop or ETRN or other dodgy solutions nowadays).  The
existing POP3 protocol doesn't have an accepted RFC-level solution for
identifying the set of users to whom each message should go, and SMTP
requires that the host be reachable at a static IP address.  A good
modern protocol cannot assume the server can open a link to the client,
or that the client is coming from a known address.

> - message upload (for draft messages and for transmittal)

All client/server communications should ideally happen in the new/fixed
protocol; I'd just as soon not do any SMTP relaying at all, and instead
require that the user offer credentials in order to relay outbound
through me.  This neatly solves the remote-dialup-relay problem too.

> A challenge-response authentication system is a debatable need.  On one
> hand, with it you never send your pass phrase in the clear.  On the
> other, all your content is still in the clear, so it would be better to
> assume a SSL link where necessary.

Making the authentication separate from the after-authentication protocol
allows you to bolt on whatever you need; simple user-password may be all
that's exportable in a vanilla release from a US vendor, but some sites
may want something stronger.

There may also be sites that want to require internal communications,
especially those that have to cross the Internet, go through an
encrypted/authenticated tunnel.

-- 
Anthony DeBoer <[EMAIL PROTECTED]>
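
An added illustration, not part of the original message or of any project's code, of keeping authentication separate from the protocol that follows it: a plain mechanism and a challenge-response mechanism are interchangeable and yield the same authenticated state. The mechanism names, the HMAC-SHA256 construction and the account store are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Constructed sample account store. A challenge-response mechanism needs the
# shared secret (or an equivalent) on the server to recompute the response.
USERS = {"alice": b"correct horse battery staple"}


class PlainMechanism:
    """Pass phrase crosses the wire; only acceptable inside an encrypted link."""
    name = "PLAIN"

    def challenge(self):
        return b""

    def verify(self, user, challenge, response):
        secret = USERS.get(user)
        return secret is not None and hmac.compare_digest(secret, response)


class HmacChallengeMechanism:
    """Server sends a fresh nonce; client returns HMAC-SHA256(secret, nonce)."""
    name = "HMAC-SHA256"

    def challenge(self):
        return secrets.token_bytes(16)

    def verify(self, user, challenge, response):
        secret = USERS.get(user)
        if secret is None:
            return False
        expected = hmac.new(secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_response(mechanism_name, secret, challenge):
    """Client side: the bytes actually sent for each mechanism."""
    if mechanism_name == "PLAIN":
        return secret
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def authenticate(mechanism, user, secret):
    """Run one exchange; return (session user or None, bytes the client sent)."""
    challenge = mechanism.challenge()
    sent = client_response(mechanism.name, secret, challenge)
    ok = mechanism.verify(user, challenge, sent)
    return (user if ok else None), sent
```

Whatever runs after `authenticate` sees only the session user, so a site can swap in a stronger mechanism without touching the mailbox commands.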
