On Thu, 1 Jul 2004, Dave Crocker wrote:
Since Doug raised the issue, but separate from Andrew's question (and,
hence, the different subject line), the discussion of multiple host
authentication techniques produced a basic hole, with the possibility
that the authenticated identity could be different from the one
asserted in HELO. This is a dangerous hole, indeed.
The resolution is to use whatever domain is associated with the
authentication, rather than the one in the HELO.
I think I've already noted that SASL is usually used to authenticate a
user name not a host name, so the potential for confusion and inadvertent
spelunking is high.
This is aside from the problems that it doesn't fulfill the requirement
for avoiding prior arrangement stated in section 2.2 of the CSV doc, and
that its organizational complexity is the square of the number of MTAs.
The cost of TLS with trusted third parties is linear in both dollars and
complexity. DNS-based authentication is free and scales linearly, and is
extremely efficient in conjunction with CSA.
(The above reasoning is why I think the CSV spec should not be over-
complicated with consideration of multiple authentication methods because
the alternatives are all substantially worse than using the DNS.)
When the client states its identity multiple times, should all of the
statements agree? Should the server reject the client if they do not?
These questions almost go away if TLS and SASL authentication are no
longer considered relevant to CSV. However, there should probably be some
comment in the CSA specification about what the server does when the
client says EHLO more than once.
Tony.
--
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
ST DAVIDS HEAD TO COLWYN BAY, INCLUDING ST GEORGES CHANNEL: WEST 4 OR 5
BACKING SOUTHWEST AND INCREASING 5 OR 6. SCATTERED SHOWERS BECOMING MORE
FREQUENT LATER. GOOD DECREASING MODERATE AT TIMES IN SHOWERS. MODERATE
BUILDING LOCALLY ROUGH.