Hadmut Danisch wrote:
- Almost the same could be achieved by simply using the
STARTTLS command of ESMTP. Our rackland server is configured
to use it, but a view on the log files shows that extremely
few other servers support this.
>
Why not simply use TLS if it already exists and is implemented?
Because people refuse to use it.
It could also be because most PKI infrastructure is based on the X.509
model, which (though scalable) requires folk needing a certificate to
cough up cash to CAs like Verisign. Also, for secure personal
communication (as opposed to electronic commerce), PGP has been arguably
far more popular than S/MIME. Especially given its free, bottom-up 'web
of trust' model, PGP may well succeed where the top-down X.509 has not.
Again, what is the goal of using TLS for email? Securing the messages?
That opens up a new battle with the monitoring agencies. Or is it (from
the anti-spam point of view) to let SMTP servers non-repudiably identify
themselves? If this is the goal, then it can be done with far less
overhead than TLS.
Digital signatures inserted by the *server* (not by the user, who should
not have to bother with the complexity of this) to identify *itself*,
using an RFC 2440 infrastructure, may be more successful in making
individual SMTP servers identifiable and accountable for what they spew
onto the Internet. Consider this fragment:
O: Received: from localhost by europa
O: (Exim version 3.12 #1); Wed, 22 Jan 2003 07:10:06
O: Origin-Server-Identity: public-key;
O: europa.uri.com (12.10.58.222)
O: Origin-Server-Key: <mailto:osk+europa(_at_)uri(_dot_)com>
O: Origin-Server-Signature: rfc2440; encoding=base64
O: iQA/AwUAPi2tY1VioDO/jwwhEQIyrACg6HYQDh+ynXbfqSp+4hF3kfb6zQIAnRYN
O: Ca1gPsBiRizLdYbtci4yVJRziQA/AwUAPi2tY1VioDO/jwwhEQIyrACg6HYQDh+y
O: nXbfqSp+4hF3kfb6zQIAnRYNCa1gPsBiRizLdYbtci4yVJRz
O: =1cuV
O: Message-ID: <002b01c2c1b7$30889ab0$1c01010a(_at_)europa>
Here, the Origin-Server-Identity and Origin-Server-Key is signed and the
signature is placed inline in the Origin-Server-Signature header. This
signature can even be created offline as a one-time affair. The
recipient server (or a plug-in within it) would have to compare the
stated origin server name/IP address with the actual server name/IP
address, and check if the key is trusted, as well as for revocation.
The best part is, given modern mail servers and their ability to run
plug-ins, all of this is doable without any change to existing MTAs. No
change is required to MUAs or users' email habits as well.
--
Prasenjeet Dutta
http://www.chaoszone.org/
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg