On Tue, 20 May 2008, Ned Freed wrote:
There are likely to be cases within a domain where a client wants to
get his address "signed" with BATV but where you don't want to hand
out the shared secret (or private key for that matter) to the
client. As such, a missing component here is a on-wire way to ask
some agent to form this signing operation. The obvious place to have
this is as an SMTP eubmit extension, although of course other
approaches are possible.
The usual approach would be to make this implicit by configuring the
client to use a submission server that adds the tag. I'm not sure why
you'd need or want any explicit signalling.
That assumes that the only time such an address is needed the goal is
always to immediately submit the message for transport using the
submission server operated by client's administrative domain. That may
not be what I want to do with the message. Just as one example, the
client could be remote and could be constained to submit mail to some
If the client can't use its normal submission server then I don't see what
use a message submission protocol extension would be :-)
Firsst of all, I said nothing about not being able to use. There are plenty of
reasons (speed, policy, separate environment) why I might be able to reach one
server but prefer or be required to actually use another for submission.
But suppose we are dealing with a case where the server isn't always
accessible. In such a situation a client could go to the server when it is
available, get its address signed, and then cache the result for use when the
server isn't available.
Since a BATV address is only useful during message transport I'm not sure
what situations other then message submission you'd want to create one.
The fact that it is useful during transport doesn't mean I always want messages
containinng such address transported immediately and by a given submission
P.S. One way to finesse this would be to have the submission server echo the
changed address in response to a MAIL FROM. That way a client could get its
address "signed" by starting a transaction, getting the MAIL FROM response, and
issuing a RSET. It's a way to do it with essentially no protocol additions or