On 10 Oct 2004, John R Levine wrote:
Now the reason why MTAs don't support MIME is simply because they don't
Well, yeah. But if I may repeat myself, what's your transition model?
Right now, almost no MTAs handle MIME, so any scheme that depends on MIME
won't work as an MTA-MTA scheme on existing MTAs.
Right now no MTA handles MASS mail signatures, so transition model is all
the same for any proposal and involves adding new programming. As far as
handling MIME, as I said, there are libraries available and adding support
for MIME is not difficult - most likely however its not going to be in
main MTA anyway, it seems likely that support for mail signatures would be
implemented as separate extension to MTA (i.e. like sendmail milter), but
that is all implementation details and likely and outside scope of the WG.
Is your plan to wait to deploy MASS until everyone's MTA has been upgraded
to handle MIME?
If you're asking if it matters that every MTA handle MIME, it does not -
those that don't handle it and the ones that don't care about mail
signatures would pass message along just like they do now.
What matters is that those MTAs that want to add MASS signatures or want
to verify it be able to handle MIME as well as signature itself.
If not, what's your transition model for using MASS onthe Internet that
Some MTA (early adaptors) begin to add signatures. At first most don't
know what it is and they are simply ignored by MTAs and by MUAs. But as
more MTAs understand it as well as features are added to email filters
(i.e. spamassasin) they can verify on the recepient MTA end they are able
to present to user by means of special header (or other means) information
that mail was verified by checking mail signature and user MUA is updated
to display this information. Additionally some MUAs also get new feature
to be able to check signature directly (within same timeframe from when
email was sent as MTA would have). Overtime as many are upgraded to be
MASS-aware some begin to publish policy records indicating that all
their email is signed and eventually filters are updated to reject email
from such domains if they did not have properly verified signatures.
And BTW - I don't think the above scenario is much different for any of