Alan DeKok wrote:
Mark Baugher <mbaugher(_at_)cisco(_dot_)com> wrote:
We could extend SMTP AUTH to do MTA authentication, but it would
then end up looking like LMAP.
I believe SMTP TLS is intended for MTA authentication.
Yes, it also solves the security/privacy issue. But it's
authentication + security, not just authentication. And I don't think
many MTAs allow STARTTLS with cipher "none".
[..]
Other methods can potentially extend the authentication of the
message beyond the per-hop limit of STARTTLS.
With LMAP, authentication is done to the originating domain, as opposed
to on a per-hop basis.
However, it seems to me that in cases where someone outsources their
email delivery, there will be significant administrative issues since
the owner of the domain will have to list all possible outbound servers
of the outsourcer in LMAP records. And anytime this information changes,
the DNS records need to be updated.
Yakov
-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"Be liberal in what you accept, and conservative in what you send" (Jon
Postel)
-------
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg