ietf-asrg
[Top] [All Lists]

Re: [Asrg] Proposal for transition to authenticated email

2003-05-01 01:33:18
From: "Jim Youll" <jim(_at_)media(_dot_)mit(_dot_)edu>
You're missing lots of issues, like all the sites that aren't at the end of
a whomping fast Internet connection... the big messages dribble in over the
slow link and local access is decoupled from link speed. When I put up my
first home Linux server many years ago, it was on a demand-dialed line and
it batched out the locally-gathered mail every 30 minutes..  the ISP was
an MX secondary for inbound mail.

I don't understand this objection.  You can send to the ISP's SMTP server at the
same speed as you send to another SMTP server.


Further, why should an independent organization's e-mail policies be subject
to the wholly unrelated policies of an intermediate party?

Because the current system is broken!

Should we also
proxy all web serving and retrieval through the ISP too?

No.

Shall we ask the ISP
to maintain our e-mail accounts? Do we then have to trust the ISP to store
all these messages? What about privacy?

I'm only talking about outgoing messages.

Since there will be hundreds of thousands of SMTP servers no matter how
loudly anyone here complains, there is little point in trying to shout
against the wind in this way.

Yeah, yeah, nothing will ever change.  The world will come to an end if these
regulations pass.  People say things all the time.  Then the regulations pass 
and
it's no big deal.  I'm more interested in whether the regulations will work.  
Yes
there are costs, but there are costs to the current situation and to any other
solution, too.

The actual impact of these changes is tiny.  So far people have legitimately 
pointed
out:
1) Now, you can use TLS to the end server.
2) You get feedback from one hop later if you do the SMTP yourself.

That's it.

For 1)
Well, if you use S/MIME, your ISP knows the email of your recipient. If you use 
TLS,
your ISP knows the SMTP server of the recipient.  If that difference is 
important to
you, get a certificate for your SMTP server!

Come to think of it, if you accept TLS, you probably already got a certificate!
Will the new certificate be so much more of a burden than the current one?
(Slightly more rigorous, hopefully.)

For 2)
Yes, but you still don't know if the recipient gets the message.  (Kudos to
Microsoft for implementing S/MIME receipts, by the way.  That is one real 
advance in
reliability and they were the first major MUA vendor to do it, AFAIK.)  If 
that's
really important to you, get a certificate for your SMTP server.

Right now the reliability of email is just so-so. And spam contributes to the
problem.  I will note that hierarchically-structured systems (like the phone 
system)
tend to be more reliable than N^2 connection sytems.



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg