ietf-smtp

Re: SMTP Transferred-By-Reference

2007-11-16 08:35:59



--On Friday, 16 November, 2007 09:33 -0500 John Leslie
<john(_at_)jlc(_dot_)net> wrote:

> John C Klensin <john-ietf(_at_)jck(_dot_)com> wrote:
>
>> ... including my usual problem of not liking to have to be
>> online to read and reply to messages
>
>    Evidently there is something in the draft which led John K
> to believe this problem would arise. That was not our
> intention, and it would help to point out the text in question
> so we can fix it.
>
>    In the normal case, the TBR URI would be retrieved by a
> well-connected MTA on the receiver's Administrative
> Management Domain, and the (reconstructed) email would be
> forwarded as a non-TBR message to the recipient's message
> store.

Sorry, John.

I believe that delegating that sort of authority to the
"well-connected MTA" in the general case constitutes a far worse
operational or security compromise than anything the TBR
procedure could help with.  An ADMD is a useful convenience for
modeling but, for the Internet, has little actual meaning in the
general case.  The user of a commercial email service that
provides free mailboxes, or the user of an ISP's mail system,
has _no_ practical control over the behavior of the relevant
servers, despite sharing an ADMD.  Yes, I control my mail
servers and someone receiving mail through the servers of an
enterprise for which she works could be reasonably thought of as
being within the same narrowly-defined ADMD, but, in the general
case, no.

And, for that general case, one either 

        * needs to retrieve or fetch the TBR message onto user
        equipment and then do the retrieval -- a process that
        cannot guarantee that the relevant machines are
        well-connected
        
        * or needs to engage in filtering in the middle of the
        network, outside the user's practical (as distinct from
        theoretical) administrative control.

The second is a show-stopper for me, as well as a security
problem, etc., etc.  And the first raises the problems with poor
connections and fast-synch requirements.

    john