ietf-asrg

Re: [Asrg] Proposal for transition to authenticated email

2003-04-28 15:01:16
From: "Ken Hirsch" <hirschk(_at_)labcorp(_dot_)com>

> ...
> My thinking is that SMTP-over-TLS is less expensive, because
> certificates will be checked fewer times and encryption/decryption can
> be hardware-accelerated.

S/MIME and other mechanisms could also use hardware.

I advocate the use of SMTP-TLS, but it has a major defect for
authenticating mail.  It only authenticates one MTA to another, or
in some cases an MUA to an MTA or an MTA to an MUA.  It does not
authenticate the sender of the mail message itself.

>                           I think that the vast majority of emails are
> directly from the originator's MTA to the recipient's MTA ...

That is true only in very simple cases.  If that were true, then
you could filter spam by rejecting all mail with more than one
Received header.  Please consider "smart host," "mail firewall,"
"bastion host," and "MX secondary."


> That may well be.  Note that the certificate authority is not the only
> one doing policing, though.  If messages are authenticated, it is much
> easier to detect abuse and filter it.  Even at $100 per cert, if abuse
> is detected after 10,000 messages, that's $.01 per message, which may be
> enough to dissuade the abuse.  Plus the certificate authority will have
> at least some identifying and financial information to prevent the
> abuser from acting again.
> ...

If any of that were true, then it would be equally true of ISPs.
Every SMTP message carries a practically unforgeable token identifying
and authenticating the previous hop ISP.  If certificate authorities
could be trusted to police customers that spend $100/year for a
certificate, then ISPs could be trusted to police customers that spend
$240/year for ISP service.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
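
The Received-header point above, as an added example that is not part of the original message: it applies the "reject mail with more than one Received header" rule to constructed messages that pass through the relay types named in the reply. All hostnames, addresses and the helper names are constructed for illustration.

```python
import re
from email import message_from_string

def make_msg(hops):
    """Build a constructed message; hops are (from_host, by_host), newest first."""
    lines = [f"Received: from {f} by {b} with ESMTP; Mon, 28 Apr 2003 15:00:00 -0400"
             for f, b in hops]
    lines += ["From: alice@sender.example", "To: bob@rcpt.example",
              "Subject: constructed sample", "", "body"]
    return "\n".join(lines)

# Constructed samples: one direct delivery and three ordinary relayed paths.
SAMPLES = {
    "direct": make_msg([("mail.sender.example", "mx1.rcpt.example")]),
    "smart host": make_msg([("smarthost.isp.example", "mx1.rcpt.example"),
                            ("mail.sender.example", "smarthost.isp.example")]),
    "MX secondary": make_msg([("mx2.rcpt.example", "mx1.rcpt.example"),
                              ("mail.sender.example", "mx2.rcpt.example")]),
    "mail firewall": make_msg([("fw.rcpt.example", "store.rcpt.example"),
                               ("mail.sender.example", "fw.rcpt.example")]),
}

HOP_RE = re.compile(r"from\s+(\S+)\s+by\s+(\S+)")

def received_hops(raw):
    """Return the (from_host, by_host) pair of every Received header, newest first."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(value)
        hops.append(m.groups() if m else (None, None))
    return hops

def naive_verdict(raw):
    """The hypothetical rule: reject anything with more than one Received header."""
    return "reject" if len(received_hops(raw)) > 1 else "accept"

def report():
    """Verdict of the naive rule for each constructed sample."""
    return {name: naive_verdict(raw) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        path = " <- ".join(by for _, by in received_hops(raw))
        print(f"{name:14} {naive_verdict(raw):7} handled by: {path}")
```

Every relayed sample is legitimate mail, yet the rule rejects all three, so hop count alone says nothing about whether a message is spam.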