On Tue, Mar 09, 2004 at 10:43:01AM -0800, Edwin Aoki wrote:
> I think that the proposals listed below are a good stab at the question
> of how one derives the identity, but I think it still skips the step of
> what the specific identity is that needs to be authorized. Given the
> proposed scope of this group - to verify that an MTA is authorized to
> send mail - the identity we need to validate would seem to be that of
> the sending MTA.

Yeah, but the reason is not the scope of this group, it's a matter of
designing security protocols. If you want to do message based
security, you can use digital signatures. If you want to do
communication based security, you need to authorize and thus identify
whom you are talking with, which is always an interactive step. As
long as you limit the scope to a single SMTP connection only (in
contrast to sending a cookie in a prior e-mail), the sending MTA is
currently the only one you can interactively talk with (here: TCP seq
number). You simply have no option other than authorizing the sending MTA
(if you don't want to redesign mail transfer).

regards
Hadmut