On 6/3/2004 10:46 AM, Alan DeKok wrote:
Hmm... Hadmut's proposal to put the policies on the web is looking
useful.
The difficulty is that email becomes dependent on one more service,
which makes it less robust.
Store them inside the mail service itself, with an ESMTP verb being used
to fetch the policy statements for the domain. This could be handled by
trapping the EHLO identifier of an incoming connection, and opening a
back-channel request to identified servers associated with that domain,
and fetching the associated policy statement. This model does require
additional work (the development of an ESMTP verb, for one thing), and it
makes disk-based caching of policy statements more important (which is
already important, but "out-of-sight, out-of-mind" if DNS is used), but
also has the benefit of allowing truly infinite-sized policy statements
(DNS is limited to a hard maximum of 64k record sizes), and also limits
reverse-DDoS blowback from forgeries to the affected service rather than
knocking over DNS (and therefore *EVERY* service).
The only other option that actually takes operational issues into
consideration is scaling MARID back down to a small and rigid structure.
Take your pick.
--
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/