[Top] [All Lists]

Re: smtp-traffic-control

2011-11-02 15:06:35

On 11/2/11 10:21 AM, John C Klensin wrote:
In the context of the present discussion, I haven't noticed
anyone suggesting linking traffic control options and responses
to authentication, so I don't really understand where that part
of your comment is relevant.   If you are suggesting either
replacing SMTP with a different type of mail model or, as you
have suggested before, replacing the DATA command and
transmission of content with some sort of pointer to where the
recipient can pick the content up... Well, by all means turn
those ideas into a coherent and comprehensive proposal and see
if you can get traction for it.  But I'm not sure they are
relevant to the current discussion.

To clarify, as IPv6 becomes more pervasive, the need for Kerberos services will become more apparent. IMHO, likely to the point of become a common ISP or OS vender offering.

Changes required of SMTP to make use of Kerberos would be minimal. I believe it would only require an SMTP-Auth extension to exchange retained tickets for destination domains. The resulting reduction in unwanted traffic and message overhead should produce a sizable reduction in the cost of providing email, and allow SMTP to properly function within Today's Internet. SMTP will not function within amber.

It would seem appropriate for error codes to be defined for "invalid ticket" and a "valid ticket required". It will be years before "valid ticket required" messages could be used. Even so, this is likely the best solution to deal with LSNs, and the large IPv6 address space that will negate most anti-abuse strategies.

For email to remain practical, a better solution at controlling use of resources is needed. There are several advocating creation of reputation systems that don't authenticate acting domains involved in sending email. Only those domains considered "too big to block" are likely able to survive the many exploits such a strategy would permit.

I can put together an I-D describing the Kerberos ticket extension if you think this would be a logical next step. Its use would supplant RBL like reputation services and gray-listing normally cached by IP address applied at every SMTP exchange.