ietf-asrg

Re: [Asrg] porkhash: flexible anti-impersonation mail signatures

2003-04-03 13:42:59
On Thu, 3 Apr 2003 10:41:47 -0800 (PST) 
william  <william(_at_)elan(_dot_)net> wrote:

The point was that it's not the problem with requiring persistent
connection for verification server, because we already do that by
using dns protocol. So really the issue being raised is about choosing
(or creating) verification protocol to be flexible enough for many
environments. It does not mean we can not create dns-like protocol for
verification that will work just fine for usually disconnected nodes
or for that matter if http is used, it's also quite flexible, widely
deployed, has caching system, etc.

My concern there is distribution of the secret.  There's relatively
little value in caching the value of an authenticity check.  It's not
something that a given site tends to repeat.  However repetitive checks
of *different* messages from the same MTA will be common, each one
hammering the possessor of the secret.  

A system which doesn't require either distribution of the secret, or
ready access to the secret by uninvolved parties would seem better.

-- 
J C Lawrence                
---------(*)                Satan, oscillate my metallic sonatas. 
claw(_at_)kanga(_dot_)nu               He lived as a devil, eh?           
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


