[Top] [All Lists]

Re: SMTP Service Extension for Priority

2001-06-26 10:21:05

my assessment is that this proposal needs two or three things to 
become viable:

1. a set of rules which ensure that MTAs that implement this proposal
do no harm to the handling of messages  for which they're not willing
to trust the sender's assertion of priority.  e.g. either they
trust the sender's assertion of priority or they simply ignore it.

2. a rule which asserts that when the claimed priority is accepted,
higher priority messages are treated no worse than lower priority
ones.  (as opposed to priority being interpreted however the MTA 
wants to)

3. a story about authentication.  I can see two ways to do this:

- "chain of trust" model
  sender authenticates to original MTA using SMTP AUTH, 
  non-original MTAs can trust the priority of messages relayed from 
  other MTAs if those MTAs also use SMTP AUTH.
  this implies that MTAs don't relay priority unless they receive
  the message from a trusted source.

  this is a weak model, as trust isn't really transitive.
  but it could work in a limited scenario like a military organization.

- "capability model"
  along with original message, client supplies (say in MAIL FROM)
  a verifiable assertion of his ability to set priority this messages.
  essentially this requires that the client sign the message
  (modulo received headers) though you also could allow the originating 
  MTA to sign the message based on the sender's SMTP AUTH credentials.
  note that this isn't intended for authenticating the message to the recipient;
  the signature would not be passed to the recipient.

  this model would allow priorities to be relayed, but each MTA could
  then decide (based on the signature) whether to accept the sender's
  credentials. if the MTA did not accept them, it would ignore priority
  (but it could still relay the priority and the signature to the next
  MTA if it supported those extensions)


<Prev in Thread] Current Thread [Next in Thread>