ietf-smime

Re: PKI and S/MIME

2003-08-14 16:41:26

"Blake Ramsdell" <blake(_at_)brutesquadlabs(_dot_)com> writes:

Well, I'm not sure I agree with you here.  End user SMTP/POP3/IMAP mail
clients today don't implement lots of DNS operations -- they just say
"all mail goes to this SMTP server" which is a simple gethostbyname
style call.  Specifically, they don't deal with MX records.  It has
actually been pointed out in other forums (and I've had experience with
this myself) that Windows is particularly ornery to work with for
arbitrary DNS record types that aren't supported through native APIs (I
had to write my own DNS client code to handle MX records back in the
day, and Peter Gutmann told me he got slapped around pretty good trying
to work with SRV records).

Steve Hole <steve(_dot_)hole(_at_)messagingdirect(_dot_)com> writes:

Even here there is an advantage for DNS: mail clients already
implement DNS.  There is no need to open ports in firewalls etc for
LDAP or XKMS.  There is no need to implement new client code in the
mail client.

That is, regrettably, not accurate.   Existing clients do very little but 
hostname to address translation and service port location.   I would be 
very surprised if they did anything but gethostbyname and getservbyname 
calls (or the platform API equivalent).   It would be an addition to get 
them to query and retrieve records directly.

It is clear that I have been spoiled by working with free software
mail clients in the Unix world, which often do implement this.  Even
when they don't, a res_query() is never far away.  Thanks for sharing
experiences from other environments.

Still, I believe part of my argument still holds.  Even if your mail
clients only use gethostbyname(), that still means the DNS
infrastructure is available on the client machine.  It hasn't been
blocked by firewalls etc.  This simplifies deployment.

But this isn't an important point, and I don't see anything that can
be seen as a _disadvantage_ for DNS compared to LDAP or XKMS here.
Perhaps this tangential issue only distracts us from the big picture.

Regards,
Simon

