Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!wuarchive!rice!uw-beaver!zephyr.ens.tek.com!tektronix!percy!m2xenix!quagga!undeed!barrett
From: barrett@Daisy.EE.UND.AC.ZA (Alan P Barrett)
Newsgroups: comp.protocols.tcp-ip
Subject: RFC 931 "Not Recommended" (Re: Authenticated SMTP, anyone done one?)
Message-ID: <1991Jun14.142800.27168@Daisy.EE.UND.AC.ZA>
Date: 14 Jun 91 14:28:00 GMT
References: <1991Jun3.163841.4114@bwdls61.bnr.ca> <17169:Jun1122:04:5791@kramden.acf.nyu.edu>
Organization: Univ. Natal, Durban, S. Africa
Lines: 58

In article <17169:Jun1122:04:5791@kramden.acf.nyu.edu>,
brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:
> RFC 931, the Authentication Server, provides enough additional security
> to stop those pesky undergraduates from forging mail (at least without a
> network machine of their own). You can get my implementation of RFC 931
> for BSD machines in stealth.acf.nyu.edu:pub/hier/inet/rfc931/authd.3.01.
> You can make sendmail (5.61, 5.65, possibly others) understand RFC 931
> by applying sendmail-patches-djb, available from the same place; after
> the patch, $F in an H line in sendmail.cf will print the remote user
> name for any SMTP connection.

I could find only two references to authentication protocols in RFC1200,
and both are marked "Experimental" and "Not Recommended".  Why?

How seriously should people take the suggestion that experimental
protocols should not be implemented without coordination with their
developers?

" Network Working Group                          Internet Activities Board
" Request for Comments: 1200                             J. Postel, Editor
" Obsoletes: RFCs 1140,                                         April 1991
"      1100, 1083, 1130
" 
" 
" 
"                     IAB OFFICIAL PROTOCOL STANDARDS
" 
" [...]
" 
"    4.1.4.  Experimental Protocol
" 
"       A system should not implement an experimental protocol unless it
"       is participating in the experiment and has coordinated its use of
"       the protocol with the developer of the protocol.
" 
" [...]
"
"    4.2.5.  Not Recommended Protocol
" 
"       These protocols are not recommended for general use.  This may be
"       because of their limited functionality, specialized nature, or
"       experimental or historic state.
" 
" [...]
" 
" 6.6.  Experimental Protocols
" 
" Protocol   Name                                     Status           RFC
" ========   =====================================    =============== ====
" [...]
" COOKIE-JAR Authentication Scheme                    Not Recommended 1004
" [...]
" AUTH       Authentication Service                   Not Recommended  931
" [...]

--apb
Alan Barrett, Dept. of Electronic Eng., Univ. of Natal, Durban, South Africa
RFC822: barrett@ee.und.ac.za             Bang: m2xenix!quagga!undeed!barrett