ietf-mailsig

Re: semantics of the signature

2004-10-06 09:04:05

On Wed, 6 Oct 2004, James M Galvin wrote:

The critical phrase above is that the signature asserts the identity of
the prior hop that controlled the message.  Nothing more, nothing less.
It is a "domain-based" identity.  In particular, it does not
authenticate the sender or author.

I don't think we need crypto to authenticate the previous hop. TCP is
enough to authenticate the IP address. CSV gives us an authenticated
responsible name.

The whole point of MASS is it covers the whole journey of the message.

This means that if "layering" is not a requirement, then TLS/SSL is a
solution.  The deployed TLS/SSL base focuses on authenticating the
server but it certainly supports authenticating the client.

Getting people to use TLS's authentication features with SMTP (not
counting message submission) would be an impressive feat. The deployed
base does a lot of unchecked opportunistic TLS, so if you tried to use TLS
with checks turned on you'd likely find a lot of interop problems.

Tony.
-- 
f.a.n.finch  <dot(_at_)dotat(_dot_)at>  http://dotat.at/
THE MULL OF GALLOWAY TO MULL OF KINTYRE INCLUDING THE FIRTH OF CLYDE AND THE
NORTH CHANNEL: WEST OR NORTHWEST 6 TO GALE 8, DECREASING MAINLY 5 TO 7 BY
EVENING, AND THEN 4 OR 5 OVERNIGHT. SQUALLY SHOWERS, EASING TONIGHT. MODERATE
OR GOOD. ROUGH OR, AROUND KINTYRE AND IN NORTH CHANNEL.TODAY, LOCALLY VERY
ROUGH.

