On Thu, Oct 02, 2003 at 02:12:42PM -0500, Bill Weinman wrote:
> In my vision, *most* systems will follow the rules. Those that don't will
> try to obfuscate and hide and lie. With authenticated connections they will
> be easier to find and isolate. That sounds to me more manageable than what
> we have today.
RFC 3207 - SMTP Service Extension for Secure SMTP over Transport Layer
Security - describes STARTTLS, which can be used for TLS connections.
Clients can e.g. make a normal SMTP connection and switch to TLS
immediately. This (through patches) is available for nearly all MTAs I
know of. I have never seen it used, however. A friend of mine told me 3
or 4 months ago that he has about 10 TLS connections a week (out of some
10000 a day), and it is always the same server.
RFC 3207 already provides the TLS/X.509 part for AMTP.
> That's done in the RCPT response. You seem to be suggesting a per-recipient
> advertisement of MPC values. I decided against that to keep down the number
> of round-trips. As the spec currently stands, a client doesn't get per-user
> MPC values, it just gets 250 or 550 (or occasionally 451) reply codes for
Hmmm ... you can save the round trip by making ESMTP PIPELINING mandatory.
> Do you mean "senders that ignore the MPC values in the EHLO response"? They
> will get a 550 later in the conversation. And they risk getting added to a
You surely mean "block list" and not CRL.
CAs certify identity, and if I bought a cert that correctly says "you are
mail.example.com" and they revoked it because I don't stick to MPC,
I'd sue them to Pluto and back.
And exactly this is the reason why I don't "trust":
1) I don't trust CAs in general, because they have done (Verisign/Microsoft)
and probably do enough bullshit with certs. (If I look at what happens
when customers buy certs ... oh my god).
2) Certs say nothing about "good" or "bad". They *try* to help with
identification. A CA certifies: "this domain/address belongs to company X
or person Y". That's all. And just as I don't trust everyone on the
street and hand him my house key only because he can show me a valid
(governmental) identity card, I don't trust any connecting host more than
I would without a cert.
With all the webservers and https the real meaning of a cert has been
perverted by Joe Loser and Jane Journalist.
And no, I don't want a centralised CA for mailservers.
Look at the DNS wildcard issue and you can see what happens if you give
one company too much power. And coincidentally this company is also a CA.
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
proportional to the amount of vacuity between the ears of the admin"
Asrg mailing list
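The two protocol points made in the message above (switching a plain SMTP session to TLS with STARTTLS per RFC 3207, and collapsing the MAIL/RCPT/DATA round trips with PIPELINING so that per-recipient 250/550 verdicts still come back) as a worked example. This is added illustration, not code from the original post or from any AMTP implementation: the "MTA" is an in-memory stand-in with no sockets and no real TLS handshake, and the host names and addresses (mx.example.net, client.example.org, alice@example.net, and so on) are constructed for the example.

```python
import re


class ToyMTA:
    """In-memory stand-in for a receiving MTA (constructed for this example).

    Advertises PIPELINING and, optionally, STARTTLS; accepts only the
    recipients in `accept_rcpts` and answers 550 for everyone else, which is
    the per-recipient verdict discussed in the thread.  `round_trips` counts
    client->server flushes, so the saving from pipelining is visible.
    """

    def __init__(self, accept_rcpts, advertise_starttls=True, advertise_pipelining=True):
        self.accept_rcpts = {a.lower() for a in accept_rcpts}
        self.advertise_starttls = advertise_starttls
        self.advertise_pipelining = advertise_pipelining
        self.tls = False            # becomes True after the (simulated) handshake
        self.round_trips = 0
        self.accepted = 0           # recipients accepted for the current envelope

    def handle(self, line):
        """One command, one round trip; returns the reply lines."""
        self.round_trips += 1
        return self._process(line)

    def handle_pipelined(self, batch):
        """PIPELINING: a whole batch in one flush, replies returned in order."""
        self.round_trips += 1
        return [reply for cmd in batch for reply in self._process(cmd)]

    def _process(self, line):
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            caps = ["250-mx.example.net"]
            if self.advertise_pipelining:
                caps.append("250-PIPELINING")
            if self.advertise_starttls and not self.tls:   # never re-offered under TLS
                caps.append("250-STARTTLS")
            caps.append("250 SIZE 10485760")
            return caps
        if verb == "STARTTLS":
            if self.tls:
                return ["454 TLS already active"]
            self.tls = True                                  # the handshake would happen here
            return ["220 Ready to start TLS"]
        if verb == "MAIL":
            self.accepted = 0
            return ["250 OK"]
        if verb == "RCPT":
            m = re.match(r"TO:<([^>]*)>", arg, re.I)
            addr = m.group(1).lower() if m else ""
            if addr in self.accept_rcpts:
                self.accepted += 1
                return ["250 OK"]
            return ["550 No such user here"]
        if verb == "DATA":
            if self.accepted == 0:
                return ["554 No valid recipients"]
            return ["354 End data with <CR><LF>.<CR><LF>"]
        return ["500 Command not recognized"]


def parse_ehlo(reply):
    """Extension keywords from an EHLO reply ('250-KEYWORD params' lines)."""
    if not all(l.startswith("250") for l in reply):
        raise RuntimeError("EHLO failed: " + reply[0])
    return {l[4:].split()[0].upper() for l in reply[1:] if len(l) > 4}


def deliver(mta, sender, rcpts, require_tls=True):
    """Client side: EHLO, STARTTLS, EHLO again, then the envelope.

    Returns (tls_in_use, {recipient: reply code}).  With require_tls the
    client stops if STARTTLS is missing from the cleartext EHLO, which is
    exactly what an on-path downgrade (STARTTLS stripping) looks like.
    """
    caps = parse_ehlo(mta.handle("EHLO client.example.org"))
    if "STARTTLS" in caps:
        if not mta.handle("STARTTLS")[0].startswith("220"):
            raise RuntimeError("server refused STARTTLS")
        # RFC 3207 section 4.2: discard everything learned in the clear and
        # issue EHLO again inside the TLS session.
        caps = parse_ehlo(mta.handle("EHLO client.example.org"))
    elif require_tls:
        raise RuntimeError("STARTTLS not offered; refusing to send in the clear")

    batch = [f"MAIL FROM:<{sender}>"] + [f"RCPT TO:<{r}>" for r in rcpts] + ["DATA"]
    if "PIPELINING" in caps:
        replies = mta.handle_pipelined(batch)                 # one round trip
    else:
        replies = [mta.handle(cmd)[0] for cmd in batch]       # one per command
    # replies[0] answers MAIL, replies[1:1+n] the n RCPTs, replies[-1] DATA
    per_rcpt = {r: int(replies[1 + i][:3]) for i, r in enumerate(rcpts)}
    return mta.tls, per_rcpt


if __name__ == "__main__":
    mta = ToyMTA(accept_rcpts={"alice@example.net"})
    print(deliver(mta, "bob@example.org", ["alice@example.net", "nobody@example.net"]))
    print("round trips:", mta.round_trips)
```

With PIPELINING the whole envelope costs one round trip after the two EHLOs and the STARTTLS, so a two-recipient delivery takes 4 flushes instead of 7, and the client still learns per recipient which address got 250 and which got 550. The re-EHLO after STARTTLS and the refusal to proceed when STARTTLS is absent are the two checks a real client needs, since the cleartext EHLO reply is the one thing an active attacker can rewrite.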