On 11/2/11 10:21 AM, John C Klensin wrote:
In the context of the present discussion, I haven't noticed
anyone suggesting linking traffic control options and responses
to authentication, so I don't really understand where that part
of your comment is relevant. If you are suggesting either
replacing SMTP with a different type of mail model or, as you
have suggested before, replacing the DATA command and
transmission of content with some sort of pointer to where the
recipient can pick the content up... Well, by all means turn
those ideas into a coherent and comprehensive proposal and see
if you can get traction for it. But I'm not sure they are
relevant to the current discussion.
To clarify, as IPv6 becomes more pervasive, the need for Kerberos
services will become more apparent. IMHO, likely to the point of becoming
a common ISP or OS vendor offering.
Changes required of SMTP to make use of Kerberos would be minimal. I
believe it would only require an SMTP-Auth extension to exchange
retained tickets for destination domains. The resulting reduction in
unwanted traffic and message overhead should produce a sizable reduction
in the cost of providing email, and allow SMTP to properly function
within today's Internet. SMTP will not function within amber.
It would seem appropriate for error codes to be defined for "invalid
ticket" and "valid ticket required". It will be years before "valid
ticket required" messages could be used. Even so, this is likely the
best solution to deal with LSNs, and the large IPv6 address space that
will negate most anti-abuse strategies.
For email to remain practical, a better solution at controlling use of
resources is needed. There are several advocating creation of
reputation systems that don't authenticate acting domains involved in
sending email. Only those domains considered "too big to block" are
likely able to survive the many exploits such a strategy would permit.
I can put together an I-D describing the Kerberos ticket extension if
you think this would be a logical next step. Its use would supplant
RBL-like reputation services and gray-listing, normally cached by IP
address and applied at every SMTP exchange.
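The message above sketches an SMTP AUTH extension that presents a retained Kerberos ticket for the destination domain, with distinct replies for an invalid ticket and for a policy that requires one, and argues that a valid ticket would let the receiver skip IP-keyed reputation and greylist checks. The following is an added illustration of that accept/reject logic, not code from the thread or from any draft. Everything specific to it is assumed: the mechanism name `KRB-TICKET`, the service principal `smtp/mx.example.net`, the realm key, and the token format, which is an HMAC over a few claims standing in for a real Kerberos AP-REQ carried via GSSAPI. The two proposed error conditions are mapped onto the existing RFC 4954 replies `535 5.7.8` and `530 5.7.0` purely for the demonstration.

```python
"""Toy model of an SMTP gate driven by a Kerberos-style service ticket.

Added example, not from the original thread. The ticket format and the
AUTH mechanism name are assumptions; a real deployment would carry a
Kerberos AP-REQ over SASL/GSSAPI rather than this HMAC stand-in.
"""
import base64
import hashlib
import hmac
import time
from dataclasses import dataclass, field

SERVICE = "smtp/mx.example.net"  # assumed service principal of the receiving MX
# Constructed stand-in for the key a KDC would share with the SMTP service.
REALM_KEYS = {"EXAMPLE.NET": b"constructed-shared-secret-not-a-real-key"}


def issue_ticket(realm, client_domain, service=SERVICE, lifetime=3600, now=None):
    """Stand-in for a service ticket: claims plus an HMAC under the realm key."""
    now = time.time() if now is None else now
    body = f"{realm}|{client_domain}|{service}|{int(now + lifetime)}"
    mac = hmac.new(REALM_KEYS[realm], body.encode(), hashlib.sha256).hexdigest()
    return base64.b64encode(f"{body}|{mac}".encode()).decode()


def verify_ticket(token, service=SERVICE, now=None):
    """Return the client domain named in a valid ticket, or None if the token is
    malformed, from an unknown realm, for another service, forged, or expired."""
    now = time.time() if now is None else now
    try:
        realm, client_domain, svc, expiry, mac = base64.b64decode(token).decode().split("|")
    except ValueError:  # bad base64 (binascii.Error is a ValueError) or wrong field count
        return None
    key = REALM_KEYS.get(realm)
    if key is None or svc != service:
        return None
    body = f"{realm}|{client_domain}|{svc}|{expiry}"
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    if now >= int(expiry):  # expiry is covered by the MAC, so int() is safe here
        return None
    return client_domain


@dataclass
class Policy:
    require_ticket: bool = False  # flip once "valid ticket required" is enforced
    blocklist: set = field(default_factory=set)  # RBL stand-in, keyed by client IP
    greylist: set = field(default_factory=set)   # (ip, sender) pairs seen once already


class SmtpSession:
    """Minimal reply logic; only the commands relevant to the ticket gate are modelled."""

    def __init__(self, policy, client_ip, now=None):
        self.policy, self.ip, self.now = policy, client_ip, now
        self.ticket_domain = None

    def command(self, line):
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            return "250-mx.example.net\r\n250 AUTH KRB-TICKET"  # mechanism name is hypothetical
        if verb == "AUTH":
            mech, _, token = arg.partition(" ")
            if mech.upper() != "KRB-TICKET":
                return "504 5.5.4 Unrecognized authentication type"
            domain = verify_ticket(token, now=self.now)
            if domain is None:
                return "535 5.7.8 Invalid ticket"  # existing RFC 4954 reply reused
            self.ticket_domain = domain
            return f"235 2.7.0 Ticket accepted for {domain}"
        if verb == "MAIL":
            return self._mail_from(arg)
        return "502 5.5.1 Command not implemented"

    def _mail_from(self, arg):
        if self.ticket_domain:
            # Authenticated domain: no IP-keyed reputation or greylist lookup at all.
            return f"250 2.1.0 Sender ok (ticket from {self.ticket_domain})"
        if self.policy.require_ticket:
            return "530 5.7.0 Valid ticket required"  # existing RFC 4954 reply reused
        # Transition period: fall back to the IP-keyed controls a ticket would replace.
        if self.ip in self.policy.blocklist:
            return "550 5.7.1 Client host blocked"
        key = (self.ip, arg.upper())
        if key not in self.policy.greylist:
            self.policy.greylist.add(key)
            return "451 4.7.1 Greylisted, try again later"
        return "250 2.1.0 Sender ok (IP reputation path)"


def run_session(policy, client_ip, lines, now=None):
    """Feed client command lines to one session and return the server replies."""
    session = SmtpSession(policy, client_ip, now)
    return [session.command(line) for line in lines]
```

The point to notice is in `_mail_from`: a ticket that verifies short-circuits every lookup keyed on the connecting IP, which is what makes the scheme indifferent to large-scale NAT and to the size of the IPv6 address space, while a client with no ticket still meets the blocklist and greylist until `require_ticket` is switched on.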