ietf-smtp

Re: SMTP and Kerberos

2011-11-04 08:04:27

Douglas Otis wrote:

The way I see it, practically speaking, IPv6 will bring back the old simple solution of using "Allow IP Relay Tables" and the "Roaming user" issue would be a thing of the past.
http://bgp.potaroo.net/v6/as6447/

Please notice currently there are 228,848 billion announced IPv6 /64 equivalent prefixes. A size 65k larger than the entire IPv4 unicast space. Also note this space is growing exponentially, where the chart has become vertical. Have fun keeping up with that.

I seriously doubt any one system is going to need to record all that. After all, a site is only going to record their "protected realm" A.K.A network of users, partners or known senders just like it's currently done without sweating it. To assume a single system is going to need to record 228,848 billion of anything, well, is very ambitious for any single organization.

At the smaller /48 prefixes, 538, 474, 403, 271, and 270 million announcements are in Germany, Japan, rest of EU, Australia, and Korea respectively. Even so, all /48s represent just .000067% of the entire announced space.

The large spectrum of IPv6 is well understood, but IMV, no single system is going to need to record anything close to these sizes, unless of course, your company is planning to take over the world. :)

Placing your inbound servers into a "protected realm" says you wish to establish a robust method for accepting messages from legitimate domains that you'll take steps to protect.

Let's assume your I-D proposes something really fantastic - that it can have a high payoff and impact to lower spam.

What happens to the other AUTH methods? Do we enforce KERBEROS only senders?

My concern is the idea that SMTP systems will no longer need to accept mail from non-authenticated senders for local users and to move into a mode where all senders are (Kerberos) authenticated. In other words, the Public Port SMTP network will no longer be public.

If enforcement is not mandated, then why would a sender use it? What benefits do they get over others that are using something else? That is something I would like to know in your I-D.

--
Sincerely

Hector Santos
http://www.santronics.com
jabber: hector(_at_)jabber(_dot_)isdg(_dot_)net
