ietf-smtp
[Top] [All Lists]

Re: draft-murchison-lmtp-ignorequota-01

2001-08-31 09:21:09


On Thu, 30 Aug 2001 15:24:19 PDT, Chris Newman said:
RCPT TO:<foo(_at_)example(_dot_)com> 
LDAP=attr:value:attr:value,value:attr:value

And the mail store should trust these values why?

Because there's a trust relationship between the mail store and the transfer
agent, brought about by some sort of explicit configuration. The transfer agent
may be identifiable as such in a variety of ways: SASL authentication,
physically secure link, VPN, etc.

This sort of thing is done all the time and works quite well.

Even though LTMP is a *local* protocol, this is still inviting to be passed
bad data.  If the message store asks the LDAP server itself, it can at
least use whatever security LDAP has to verify that it's talking to the LDAP
server, and at the very least, it knows that it's being given answers to
queries IT asked.

Hardly. We have all the tools necessary to do such things securely and without
them becoming invitations to passing bad data around. The real risk here is
stale data, not bad data.

                                Ned