On 6/25/2004 8:41 AM, Meng Weng Wong wrote:
On Fri, Jun 25, 2004 at 03:38:36PM +0200, Arnt Gulbrandsen wrote:
|
| Right. I'd like the publication to contain only an address/port. The
| receiving SMTP sender looks the address up, makes an RPC to the
| published address (e.g. using UDP, although BXXP is a possibility too),
| receives a well-defined FAIL/PASS/NEUTRAL answer, and that's it.
For the record, the design you describe above has been
fleshed out --- as DVP.
http://www.exploits.org/dvp/
That's similar to but barely a fraction of the functionality that Arnt is
describing. DVP as described therein only says whether or not an address
is valid, while Arnt is saying that the 'sender authorization' problem in
its entirety can be handled by such a query-response system.
There's a lot to be said for such an approach. The DNS overhead would be
reduced to SRV entries. The computational load would be linked to the
sender's volume instead of the recipient's volume. Etc.
Arnt needs to make some time to write up his proposal still. :)
--
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/