There is another approach: go back to a PEM-like scheme in parallel
with S/MIME. That can provide a robust identification without impact
on the message that impacts the end user (S/MIME is unfortunately not
going to work for Eudora users).
There can even be enforcement here: we could rent a trusted box
to the ISP that implements the Velocity Indicator technology and
only applies the authentication mark if the message is within policy.
It also means that different customers for a bulk sender could have
different tags attached. Consider the case where the mailing list ID
is bound into the authentication token. The problem at the moment is
that the recourse hits the wrong party, the bulk sender, not the mailing
list owner.
We are more likely to get compliance if we give people the tools to
enforce it.
Phill
-----Original Message-----
From: Vernon Schryver [mailto:vjs(_at_)calcite(_dot_)rhyolite(_dot_)com]
Sent: Monday, April 28, 2003 6:01 PM
To: asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] Proposal for transition to authenticated email
From: "Ken Hirsch" <hirschk(_at_)labcorp(_dot_)com>
...
> My thinking is that SMTP-over-TLS is less expensive, because
> certificates will be checked fewer times and encryption/decryption can
> be hardware-accelerated.
S/MIME and other mechanisms could also use hardware.
I advocate the use of SMTP-TLS, but it has a major defect for
authenticating mail. It only authenticates one MTA to another, or
in some cases an MUA to an MTA or an MTA to an MUA. It does not
authenticate the sender of the mail message itself.
> I think that the vast majority of emails are
> directly from the originator's MTA to the recipient's MTA ...
That is true only in very simple cases. If that were true, then
you could filter spam by rejecting all mail with more than one
Received header. Please consider "smart host," "mail firewall,"
"bastion host," and "MX secondary."
> That may well be. Note that the certificate authority is not the only
> one doing policing, though. If messages are authenticated, it is much
> easier to detect abuse and filter it. Even at $100 per cert, if abuse
> is detected after 10,000 messages, that's $.01 per message, which may be
> enough to dissuade the abuse. Plus the certificate authority will have
> at least some identifying and financial information to prevent the
> abuser from acting again.
...
If any of that were true, then it would be equally true of ISPs.
Every SMTP message carries a practically unforgeable token identifying
and authenticating the previous hop ISP. If certificate authorities
could be trusted to police customers that spend $100/year for a
certificate, then ISPs could be trusted to police customers that spend
$240/year for ISP service.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg