At 10:02 PM 9/28/2003, Phil Miller wrote:
> Major nitpick: "roll" is a kind of bread; you mean "role".
Sheeesh! It's also a popular delivery mechanism for toilet paper.
That's embarrassing. The first fix is in place for -02. Thanks.
> Now, for my real beef: the DNS requirements break the use of 'residential'
> ISP lines for hosting AMTP servers.
This needs to go in the FAQ. It's by far the most common objection.
I too would rather not have to break that functionality, but the
requirement that the certificate match the PTR RR seems to me valuable, and
I can see ways to replace the functionality of a home-based mail server.
Allow me to explain:
Without the PTR requirement, a blackhat could get a certificate and upload
it to zillions of compromised home-based PCs along with a small AMTP
daemon, much like they do today with SMTP. After a while, the major AMTP
servers would discover the certificate signature and block it, but a lot of
spam would go out in the meantime.
With the PTR requirement, all those home-based PCs become unusable as
distribution points. But now a whitehat needs a fixed IP address and/or a
moderately clueful provider to run an AMTP server.
(An exceptionally clueful provider could create low-TTL dynamic rDNS for
selected parts of their IN-ADDR.ARPA zone, but that seems like it's asking
a lot from an industry that can barely manage a SWIP.)
There are a few ways around this, but I fancy this one: Find a few friends
and set up a small co-op mail server. You can get a decent low-traffic
dedicated *nix server for about $99/month, or a colo for about $199. With
five or ten folks in a co-op, that's not a very big pill to swallow.
Another possibility is that someone will set up a business that will relay
mail for people like you using the "private network" provision in AMTP. A
side-benefit for this approach is that you don't need to get your own
certificate. I foresee this as a moderately popular niche market for someone
who is interested. (Actually, I think some of these exist now with
alternate-port SMTP for those who have outgoing port 25 blocked.)
I know it's a PIA, and I would love to find a way around it, but also I see
it as a reasonable price to pay if it makes the rest of the package work.
--Bill
---
Never send a monster to do the work of an evil scientist.
~~~ ~~~ ~~~ ~~~ ~~~ ~~~ ~~~ ~~~ ~~~ ~~~ ~~~ ~~~ ~~~ ~~~ ~~~
- Home <http://bw.org/> | Whois <http://whois.bw.org/>
- Music <http://music.bw.org/> | Blog <http://blog.bw.org/>
- Gimme back my email! <http://amtp.bw.org/>
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
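As an added illustration of the check Bill is defending (this is my own sketch, not code from the AMTP draft or from bw.org), here is what a receiving server's "certificate must match the PTR RR" test looks like when written out: take the connecting IP, look up its PTR names, keep only the names whose forward (A) records point back at that IP, and accept only if one of those forward-confirmed names appears in the presented certificate. The DNS tables below are constructed stand-ins so the example runs offline; a real server would query DNS and pull the names out of the peer's X.509 certificate instead. The sample addresses, hostnames and the `check_peer` function name are all assumptions for the example.

```python
"""
Forward-confirmed reverse DNS (FCrDNS) check of a connecting IP against the
hostnames in a peer's certificate. Added example; not AMTP reference code.
"""
import ipaddress

# Constructed stand-in for PTR answers (assumption, not real zone data).
PTR_TABLE = {
    "192.0.2.10": ["mail.coop.example."],         # a co-op colo box with proper rDNS
    "198.51.100.7": ["pool-7.dyn.isp.example."],  # generic residential rDNS
    "203.0.113.5": [],                            # no PTR record at all
}

# Constructed stand-in for forward (A) answers (assumption).
A_TABLE = {
    "mail.coop.example.": ["192.0.2.10"],
    "pool-7.dyn.isp.example.": ["198.51.100.9"],  # forward does NOT point back
}


def normalize(name: str) -> str:
    """Lower-case and make the name a fully qualified, dot-terminated FQDN."""
    return name.strip().rstrip(".").lower() + "."


def check_peer(ip: str, cert_names, ptr=PTR_TABLE, fwd=A_TABLE):
    """
    Decide whether a connection from `ip` presenting a certificate with
    `cert_names` (subject CN / SAN dNSNames) passes the PTR requirement.

    Returns (ok, reason) so the reason can go straight into the server log.
    """
    ip = str(ipaddress.ip_address(ip))  # canonical form (also validates input)

    ptr_names = [normalize(n) for n in ptr.get(ip, [])]
    if not ptr_names:
        return False, "no PTR record for %s" % ip

    # Forward-confirm: the PTR name must resolve back to the connecting IP,
    # otherwise anyone controlling an in-addr.arpa zone could claim any name.
    confirmed = [n for n in ptr_names if ip in fwd.get(n, [])]
    if not confirmed:
        return False, "PTR name(s) %s do not resolve back to %s" % (
            ", ".join(ptr_names), ip)

    # The certificate must name one of the forward-confirmed PTR hosts.
    wanted = {normalize(n) for n in cert_names}
    matched = [n for n in confirmed if n in wanted]
    if not matched:
        return False, "certificate names %s do not match PTR %s" % (
            sorted(wanted), ", ".join(confirmed))

    return True, "certificate name %s matches forward-confirmed PTR" % matched[0]


if __name__ == "__main__":
    # Legitimate co-op server: accepted.
    print(check_peer("192.0.2.10", ["mail.coop.example"]))
    # The same certificate replayed from a residential line: rejected, even
    # though the line has *a* PTR record, because it does not match the cert.
    print(check_peer("198.51.100.7", ["mail.coop.example"]))
    # A box with no rDNS at all: rejected regardless of certificate.
    print(check_peer("203.0.113.5", ["mail.coop.example"]))
```

The two negative cases are exactly the situations in the thread: a certificate copied onto a compromised home PC is refused because the home line's PTR (if any) names something else, and the price of that is that a legitimate operator on a line without matching rDNS is refused the same way. The forward-confirmation step matters because a PTR record alone is controlled by whoever holds the in-addr.arpa delegation; requiring the name to resolve back closes that gap.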