Tony Finch wrote:

The SASL EXTERNAL method means that the client has been authenticated by
some means external to SASL (e.g. TLS, or in my case IP addresses and
knowledge of the network topology) and that the client wants the server
to make its access control decision using this information with the
authorization identity that the client provides via SASL.

JFTR, I think on top of TLS you'd get ESMTPSA with RFC 3848, not ESMTPA.
My point was about ESMTPA, and of course I forgot the EXTERNAL mechanism.
But it's not so bad that I'll now go and fix the Wikipedia article about
BTW, RFC 4422 and Wikipedia only mention TLS and IPsec, but not RADIUS,
my first guess at what EXTERNAL could be about. Something wrong with that,
or is it just another case of "security folks hate KISS"?
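
The ESMTPA / ESMTPSA distinction discussed above shows up in the `with` clause of Received headers. The following is an added example, not part of the original message: it reads that clause from each hop and lists hops recorded as authenticated without STARTTLS. The sample headers are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords -> (STARTTLS used, SMTP AUTH succeeded).
# The keyword does not say which SASL mechanism (e.g. EXTERNAL) was used.
WITH_TYPES = {
    "SMTP": (False, False), "ESMTP": (False, False),
    "ESMTPA": (False, True), "ESMTPS": (True, False), "ESMTPSA": (True, True),
}
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9-]+)", re.IGNORECASE)

# Constructed sample: hostnames, addresses and queue ids are made up.
SAMPLE = (
    "Received: from client.example (client.example [192.0.2.10])\n"
    "\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n"
    "\tby mx.example (Postfix) with ESMTPSA id 4ABC123\n"
    "\tfor <user@example.org>; Mon, 1 Jan 2024 00:00:00 +0000\n"
    "Received: from relay.example (relay.example [192.0.2.20])\n"
    "\tby mx.example with ESMTPA id 4ABC124; Mon, 1 Jan 2024 00:00:01 +0000\n"
    "Subject: constructed sample\n\nbody\n"
)

def strip_comments(value):
    """Drop parenthesised comments (they nest), e.g. '(... with cipher ...)'."""
    out, depth = [], 0
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        elif depth == 0:
            out.append(ch)
    return "".join(out)

def classify_hops(raw_message):
    """Return one dict per Received header, in header order."""
    hops = []
    for value in message_from_string(raw_message).get_all("Received", []):
        clauses = strip_comments(value).rsplit(";", 1)[0]  # drop the date part
        m = WITH_RE.search(clauses)
        proto = m.group(1).upper() if m else None
        tls, auth = WITH_TYPES.get(proto, (None, None))
        hops.append({"with": proto, "tls": tls, "auth": auth})
    return hops

def auth_without_tls(hops):
    """Indexes of hops recorded as authenticated but not over STARTTLS."""
    return [i for i, h in enumerate(hops) if h["auth"] and h["tls"] is False]

if __name__ == "__main__":
    for i, hop in enumerate(classify_hops(SAMPLE)):
        print(i, hop)
```

Stripping comments first matters because a TLS comment such as `(using TLSv1.2 with cipher ...)` would otherwise be read as the `with` clause.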