On Tue, 05 Aug 1997 15:19:36 +0200,
Harald(_dot_)T(_dot_)Alvestrand(_at_)uninett(_dot_)no said:
The Newman proposal describes a *per site* mechanism, with no effect
(that I can see) on systems apart from the ones that *choose* to
adopt this mechanism.
With some care, it can be used *per user*, with no effect on the
other users of the same mailhost.
Alas Harald, it's not *quite* that simple. Now, I could support this draft
as going out as an "Informational" describing "here's the way some sites
do it". Unfortunately, as written, I think this would be a Bad Idea for
even "Elective" status, much less 'MUST" status.
The problem is that everything is too damned intertwined.
For instance, let's say we have a mailing list A, and subscribers X, Y,
and Z at seperate sites. Now, if the administrators at sites X and Y
upgrade to this new scheme, *it doesn't really do any good* if site A
is unaware. Site A treats the 'local part' as an opaque cookie to be
dealt with by sites X and Y. As such, it's *not* permitted to look "inside"
the opaque-cookie local-part and say "Oh, this is from zlortch(_at_)X, he's
allowed to modify zlortch+biglist(_at_)X entries". Of course, being able to
do this sort of parsing *was* the whole *point* of the proposal...
So site A upgrades. And thus breaks size Z, which happens to use '+'
(or whatever meta-char we picked) as a seperator for something ELSE.
Remember, since it's elective, site Z can opt out. However, site A now
has a dilemma - it has no way of knowing which sites are using the
subaddressing scheme and which aren't.
Anybody who says "Site A can just keep a list of which sites X Y Z are
using which style" can go back and read up on why the DNS was invented.
And don't propose an "Extended MX" - it's been proven that people can't
get *REGULAR* MX configured right (how long has "compuserve.com" been
pointing their MX at a CNAME? ;)
Bottom line - I think this proposal is a non-starter unless it provides
a way for a *remote* system (such as a MLM or what-have-you) to determine
if the option is available or not. Yes, I know RFC1123 says 'you MUST
support postmaster'. However, notice that the status of 1123 means that
a remote system is allowed to use simple lexical operations to determine
address validity for those reserved addresses. If they accept a connection
on port 25, it has to be safe to mail to 'postmaster@'. However, there is
no similar way for a remote host to verify whether it should consider
'fred', 'fred+warbot', 'fred+ghost' etc to be the "same" or not. As has
been pointed out, this has a *large* impact on MLM systems, and on anything
that wants to do cryptographic signatures.
This message is PGP-signed. Would I have to add a new userid to my public
key and re-send it to the keyservers each time I started using a new '+whatever'
address? Remember - the answer to this is *NOT* PGP-specific... ;)
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
pgpmhdQTvRQ88.pgp
Description: PGP signature