Re: ADMD
2007-03-14 15:27:48
At 10:52 AM 3/14/2007 -0700, Dave Crocker wrote:
David MacQuigg wrote:
The Border is a special ADMD boundary, one in which there is no prior
relationship.
That strikes me as an extremely helpful definition. Concise, clear and
meaningful.
I think, however, I might disagree with it, although I'd be inclined to
put this in terms of a change, rather than being basic.
I believe that a Border MTA role is important, even when there is a
special arrangement between the neighboring ADMDs. (It doesn't matter
whether the IP linkage between the ADMDs is through a private network or
over the public Internet. There are all sorts of special trust
arrangements possible.)
1. Do folks prefer "Border" or "Boundary"? I think "Boundary" gets used
more, but I don't really care which is chosen, as long as there is good
agreement to use the term?
Trust is the factor that distinguishes the border to the Internet from the
boundary around an ADMD. If I understand the English connotations of these
words, it seems "border" has more connection with trust than
"boundary". e.g. We have a Border Patrol, and we draw boundaries around
items in a Figure to indicate a grouping. So my vote is for "border".
So I'd be inclined towards a definition along the lines of:
2. "A Bo* module is a portal to an ADMD. It may provide any of the
underlying functional roles within the architecture. Its additional role
at the Bo* is to enforce exit and/or entry policies for the ADMD, when
interacting with Bo* modules in other ADMDs."
Thoughts?
I worry that we will dilute the meaning of Border if we have a border
module in every ADMD, even when they are not at the Border. Also, Fig. 5
already fills an entire page, so you won't be able to squeeze in two more
modules. :>) I would be OK just calling them MTAs, with the understanding
that any MTA connecting across a Border must perform some Border functions
(authentication, filtering, etc.).
You define the term "Edge" on page 12 to mean something similar, but Fig.
4 shows an Edge between two related ADMDs.
Mumble. The document uses the term "Edge" to refer to an entire
ADMD rather than to a module within it. An Edge ADMD is an originator or
final recipient administrative environment.
A Bo* module will exist at the outer limits of *any* ADMD, edge, transit,
or whatever.
Now I'm even more confused. The Edge ADMDs in Fig. 4 are at the edge of
the Internet, which may be a few hops from either the Originator or the
Recipient.
Can we at least agree that there is one special boundary between ADMDs,
and that is the Border between sending and receiving NoAs?
I think it is between any two ADMDs. Not sure I understand the special
role between "NoA"s. Please clarify.
This is the one boundary where we are dealing with strangers (connecting to
MTAs in unrelated ADMDs). Related ADMDs can establish a secure channel
using passwords, pre-arranged IPs, or even just a private email address.
My sending NoA includes yahoo.com and controlledmail.com. Yahoo asks me
for a password when I want to send mail. Controlledmail checks my IP address.
On the receive side, my NoA includes yahoo.com, pobox.com, box67.com,
ieee.org, and arizona.edu, all Border ADMDs forwarding to my mailstore at
gain.com. The Border ADMDs have a full set of defenses against spam. I've
turned OFF the border defenses at my mailstore. Its only protection is a
private address that can't be guessed in a dictionary attack.
As you already know, there is a serious challenge to keep the figures
understandable.
I am really impressed with the ASCII art in Fig. 5. :>) See also
http://www.chris.com/ASCII/
-- Dave