David Nicol <davidnicol(_at_)gmail(_dot_)com> wrote:
On Thu, Dec 16, 2010 at 5:28 PM, Douglas Otis
<dotis(_at_)mail-abuse(_dot_)org> wrote:
Agreed, but the white-listing should be by authenticated servers and _not_
their IP address.
Brilliant! IP is about routing the packets, and nothing else. Tieing
authentication in with the implementation detasils of the transport
protocol is the root cause of major headaches. Plus plus.
Thank you!
(It's the old story: "The light's so much better over here!" ;^)
Doug isn't always the easiest person to understand; but I think I
understand him, having worked with him on the draft-marid-csv series
of I-Ds.
There we set out to use the HELO string as declaring the identity
of the sending SMTP client, and work from that to authenticate that
the server actually was authorized by that domain. MARID died of the
politics of that time; and the drafts have sat in limbo since.
Doug backed off, thinking "If you won't let me authenticate by
HELO, I'll look for something else to authenticate by." I, OTOH,
looked for other windmills to tilt...
Obviously, it is possible to authenticate differently, and Doug
has wrapped his mind around several different mechanisms over the
last five years. None of them, IMHO, work very well in the time
domain (delivering results that may be outdated, and struggling to
mitigate replay problems). But they are certainly better than
relying on IP addresses alone.
The principle in CSV was to have the sending SMTP client declare
its identity in HELO or EHLO, and have the receiving SMTP server
authenticate at SMTP time that the domain authorized that client
to send according to its policies. (Of course, those policies do
not necessarily match the policies of domains named in MAIL FROM or
any similar domains which will be visible to recipients.)
CSV relied on a weak but timely authentication; we have since
seen alternatives that are stronger but less timely -- the principle
of authenticating the SMTP client talking to you is more important
than the exact balance between strength and timeliness.
In principle, it may be possible to build a business model with
even-weaker authentication by IP-address and unknown timeliness;
but I wouldn't want to be the one trying to build it.
--
John Leslie <john(_at_)jlc(_dot_)net>
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg