Re: SMTP and Kerberos
2011-11-04 08:04:27
Douglas Otis wrote:
The way I see it, practically speaking, Ipv6 will bring back the old
simple solution of using "Allow IP Relay Tables" and the "Roaming
user" issue would be a thing of the past.
http://bgp.potaroo.net/v6/as6447/
Please notice currently there are 228,848 billion announced IPv6 /64
equivalent prefixes. A size 65k larger than the entire IPv4 unicast
space. Also note this space is growing exponentially, where the chart
has become vertical. Have fun keeping up with that.
I seriously doubt any one system is going to need to record all that,
after all, a site is are only going to record their "protected realm"
A.K.A network of users, partners or known senders just like its
currently done without sweating it. To assume a single system is
going to need to record 228,848 billion of anything, well, is very
ambitious for any single organization.
At the smaller /48 prefixes, 538, 474, 403, 271, and 270 million
announcements are in Germany, Japan, rest of EU, Australia, and Korea
respectively. Even so, all /48s represent just .000067% of the entire
announced space.
The large spectrum of IPv6 is well understood, but IMV, no single
system is going to need to record anything close to these sizes,
unless of course, your company is planning to take over the world. :)
Placing your inbound servers into a "protected realm" says you wish to
establish a robust method for accepting messages from legitimate domains
that you'll take steps to protect.
Lets assume your I-D proposes something really fantastic - that it can
have a high payoff and impact to lower spam.
What happens to the other AUTH methods? Do we enforce KERBEROS only
senders?
My concern is the idea that SMTP systems will no longer need to accept
mail from non-authenticated senders for local users and to move into a
mode where all senders are (Kerberos) authenticated. In other words,
the Public Port SMTP network will no longer be public.
If enforcement is not mandated, then why would a sender use it? What
benefits do they get over others that using something else? That is
something I would like to know in your I-D.
--
Sincerely
Hector Santos
http://www.santronics.com
jabber: hector(_at_)jabber(_dot_)isdg(_dot_)net
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: SMTP Kerberos Considerations, (continued)
- Re: SMTP Kerberos Considerations, Robert A. Rosenberg
- Re: SMTP Kerberos Considerations, Hector Santos
- Re: SMTP Kerberos Considerations, Robert A. Rosenberg
- SMTP and Kerberos (was: Re: smtp-traffic-control), John C Klensin
- Re: SMTP and Kerberos, Douglas Otis
- Re: SMTP and Kerberos, Hector Santos
- Re: SMTP and Kerberos, Douglas Otis
- Re: SMTP and Kerberos,
Hector Santos <=
- Re: SMTP and Kerberos, Douglas Otis
- Re: SMTP and Kerberos, Douglas Otis
- Re: SMTP and Kerberos, Russ Allbery
Re: draft-atkins-smtp-traffic-control, Douglas Otis
Re: draft-atkins-smtp-traffic-control, Alessandro Vesely
|
|
|