Rand Wacker wrote:
I agree with some of the things you say Michael:
The MARID charter is "authenticate mail transfer".
Interesting, I went back to read the charter and notice that MARID has no
binding to do IP-based authentication (although it could be read that
way). Maybe we *should* just go straight to a crypto-based solution.
That would seem to get around a lot of the disagreement currently on the
list.
Well, I think the IETF should tackle crypto-based solutions after we have
the IP-based authentication standard well on its way. MARID's charter might
allow this.
IP-based authentication on MTAs has been seen as the first step because it
has a smaller deployment and a smaller performance cost than the
crypto-based solutions. And, surprisingly robust authentication can be done
with IP-based authentication, if the 2821 HELO and/or MAIL FROM are used.
Crypto-based solutions can be applied later (after the IP-based
authentication), because it has a larger deployment (modification to message
re-writers like mailing lists, and normally also modifications to MUAs) and
a much larger performance cost.
Michael R. Brumm