On 1/1/20 3:02 PM, John Levine wrote:
More than that, more complex authentication doesn't solve the problem,
since compromised devices can send authenticated spam.
There is no such thing as "the" problem. There are only threats and
Compromised devices are one kind of threat; unauthorized devices
introduced into the environment are a different kind of threat.
If you're concerned about threats to and from IoT devices,
isn't that more what MUD addresses?
You've heard of the concept of layered defense, I assume.
Also, I have no idea how much adoption of MUD there will be in these
environments. Not much, I expect, but it wouldn't bother me to be
ietf-smtp mailing list