ietf

Re: SMTP authentication (not soon)

2014-07-11 19:12:23
On Jul 10, 2014, at 1:53 AM, Viktor Dukhovni <ietf-dane(_at_)dukhovni(_dot_)org> wrote:

On Thu, Jul 10, 2014 at 08:29:49AM +0100, Dave Cridland wrote:

On 10 July 2014 02:45, Phillip Hallam-Baker <phill(_at_)hallambaker(_dot_)com> wrote:

So how can it be impractical to do something that has already been routing
for over a decade?

Also, XMPP has almost the exact same set of problems as (MTA/MTA) SMTP, and
seems to have deployed TLS with PKIX auth just fine

This is a dramatic over-simplification.

and the deployed
network is shifting with some pace toward this being mandatory.

TLS yes, PKIX authentication, not so much, and only provides security
when the XMPP server can obtain certificates for the target domain
(not the SRV host).  With SMTP third-party MX hosting is rather common,
and makes the latter substantially more difficult.

It seems POSH (*) could be applied to SMTP?

(*) http://tools.ietf.org/html/draft-ietf-xmpp-posh

-d



The only additional issue for SMTP is that you'd need SNI, but that's not
terribly onerous these days.

This is also a dramatic over-simplification.  SNI support is easy,
cross-domain key management is not, and other barriers remain.
Since this is a distraction, I will not debate it further point by
point.

-- 
      Viktor.


