----- Original Message -----
From: "Andrew Newton" <andy(_at_)hxr(_dot_)us>
To: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>
Cc: "IETF-MXCOMP" <ietf-mxcomp(_at_)imc(_dot_)org>
Sent: Wednesday, June 30, 2004 9:56 PM
Subject: Re: CSV and STARTTLS
On Jun 30, 2004, at 8:24 PM, Hector Santos wrote:
The only possible reason I can think of is because it usually means
exclusive arrangements which is already done with IP Relays tables or
SMTP AUTH accounts. Any TLS security advantage is not guarantee
between
multi-hop routes.
Not that I disagree with this observation, but couldn't it also apply
to CSV since it is doing the same thing?
Or in other words, if it isn't worth it to authenticate via TLS because
SMTP is a hop-by-hop protocol, why is CSV authentication more
compelling?
I am undestanding CVS correctly, CVS is based (and only cares for) in the
trust and validation of the final MTA/MDA transaction with the presumption
that the original submission was authenticated (required for a route(, and
the routes themselves are trusted. Its the circle or chain of trust
concept.
Its a valid theoritical concept until we get into hetergenous mixing of
servers which we have already experienced first hand with a real customer
issue. Right or wrong, the customer had control in replacing long
established legacy SMTP servers but was able to add the new "LMAP-ready"
AntiSpam SMTP server as a primary host and smart host for the legacy
servers. I don't think CVS will solve this because will assume the legacy
server already did validations.
In short, as I explained to the customer, installing a new $15K Advanced
Home Security System [MARID Servers] with all the latest gadgets doesn't
quite make sense when you still have the habit of leaving the front door key
[non-MARID servers] under a potted plant on the porch. :-)
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com