ietf-mailsig
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: transition to MASS, was Why we really don't require requirements

2004-10-10 14:22:24
from [william(at)elan.net] [Permanent Link] 


On 10 Oct 2004, John R Levine wrote:


Now the reason why MTAs don't support MIME is simply because they don't
need it.


Well, yeah.  But if I may repeat myself, what's your transition model?
Right now, almost no MTAs handle MIME, so any scheme that depends on MIME
won't work as an MTA-MTA scheme on existing MTAs.


Right now no MTA handles MASS mail signatures, so transition model is all 
the same for any proposal and involves adding new programming. As far as 
handling MIME, as I said, there are libraries available and adding support
for MIME is not difficult - most likely however its not going to be in
main MTA anyway, it seems likely that support for mail signatures would be 
implemented as separate extension to MTA (i.e. like sendmail milter), but 
that is all implementation details and likely and outside scope of the WG.
 

Is your plan to wait to deploy MASS until everyone's MTA has been upgraded
to handle MIME?  


If you're asking if it matters that every MTA handle MIME, it does not -
those that don't handle it and the ones that don't care about mail 
signatures would pass message along just like they do now. 

What matters  is that those MTAs that want to add MASS signatures or want 
to verify it be able to handle MIME as well as signature itself.


If not, what's your transition model for using MASS onthe Internet that 
exists today?


Some MTA (early adaptors) begin to add signatures. At first most don't 
know what it is and they are simply ignored by MTAs and by MUAs. But as 
more MTAs understand it as well as features are added to email filters
(i.e. spamassasin) they can verify on the recepient MTA end they are able 
to present to user by means of special header (or other means) information 
that mail was verified by checking mail signature and user MUA is updated 
to display this information. Additionally some MUAs also get new feature 
to be able to check signature directly (within same timeframe from when 
email was sent as MTA would have). Overtime as many are upgraded to be 
MASS-aware some begin to publish policy records indicating that all
their email is signed and eventually filters are updated to reject email
from such domains if they did not have properly verified signatures.

And BTW - I don't think the above scenario is much different for any of 
the proposals.

-- 
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: what MTAs do, was semantics of the signature, Seth Goodman
Next by Date:  Re: Comparison Matrix on proposals, Andrew Newton
Previous by Thread:  Re: transition to MASS, was Why we really don't require requirements, John R Levine
Next by Thread:  Re: transition to MASS, was Why we really don't require requirements, John R Levine
Indexes:  [Date] [Thread] [Top] [All Lists]