ietf-mxcomp
[Top] [All Lists]

Re: CVS Questions/Comments [was Re: Comparing apples to multiple, hypothetical oranges]

2004-07-01 05:43:14

On Thu, 1 Jul 2004, Hector Santos wrote:

4) Is Acceditation required for CVS to be useful? In other words, is it
useless without it?

No more so than any of the other schemes we are discussing. They all
assume that pervasive domain authentication will lead to accreditation and
reputation services based on domains (RHSBLs), in addition to or as a
replacement for the current IP address DNSBL schemes.

At first glace the term "persistent domain name" when used as analogy to a
transient IP address, seem to imply that the client domain never changes
from hop to hop as oppose to a IP changing from hop to hop.

So if I understand the term "persistent domain name' it implies that a
consistent domain name is used for CVS publishing and for SMTP Sender usage
in its HELO/EHLO command?

I think the term "Consistent" better applies.

It's to do with persistence over time. An organization is likely to keep
its domain name longer than its IP addresses, especially if it is small.
This is made clear by the preceding paragraph:

      Increased topological, transfer and access complexities on the
      Internet are making IP Addresses increasingly problematic for use
      as identifiers.  Instead they are viewed as appropriate only for
      the most transient task of delivering individual packets.

|    What is missing is a useful means of authenticating MTA-MTA exchanges
|    over the open Internet.  Prior arrangement between such a pair of
|    MTAs is antithetical to the history and operation of Internet mail.

Can you give an example of where this is antithetical

Receiving email from someone who you have never corresponded with before.

The server is going to have to run a CSA process anyway so why have it
go to DNA first?

The checks can be done in either order or in parallel. If one of them
fails the other is moot.

RBL works and is well established.  It is going to be very hard to
replace this with CVS.  How can an RBL site work in conjunction with
CVS/DNA/CSA? What if I run both and apply RBL, CVS/DNA/CSA passes the
domain with flying colors but RBL is rejecting the IP?

I think this depends on the DNSBL in question. For example, if it's the
SBL (list of addresses allocated to known spammers) or the CBL (list of
known compromised machines) then CSV is moot. If it's a dynamic IP list
(dial-ups and DSL lines) then a CSV pass would beat the blacklisting. The
sysadmin will have to apply some intelligence to the configuration.

Tony.
-- 
f.a.n.finch  <dot(_at_)dotat(_dot_)at>  http://dotat.at/
FORTH TYNE: SOUTHWEST BACKING SOUTH 3 OR 4 OCCASIONALLY 5. SHOWERS. GOOD.