On 04/21/2017 08:24 AM, Phillip Hallam-Baker wrote:
...
Tweaking the SMTP mail infrastructure doesn't help because the sending
and receiving device do not interact with either server directly under
the current model. SMTP email has grown to meet a lot of important
requirements in ways that make repurposing SMTP mail servers a non-starter.

They do not, does not mean they cannot. So, maybe SMTP server is not
the correct place. But MX host might be, with a public key server on a
different port. Because the MX host is currently the authority for an
email address's validity checking (well, it bounces it if it's not valid -
but it knows if it's valid).

Is it repurposing? Is this really different?

    RCPT TO user@domain
    250 OK
    550 No such user here

    PEMCERT user@domain
    250 OK ...PEM-encoded-cert..
    550 No such user here

    PGPCERT user@domain
    250 OK ...PGP-encoded-cert..
    550 No such user here

Thoughts below on this. And I am thinking of how the code would be
written ...

I was leaning towards the SMTP/MX server because it's currently the only
place of authority where you can find out if user@host is valid. If you
send a RCPT TO and it says, NO, then you're done.

I have no problem with another solution. I just think you would have to
replicate the email address validity check problem as part of that other
implementation. 'User' is not always the same as email address. So any
new service would have to know about email proxy rewrite rules
(Doug.Royer@gateway -> dougr@his-site-server), mailing/distribution
lists, ... and the mess goes on.

I am not saying a public key server would need to understand those
rules. I am saying that Doug.Royer@gateway would be the public key you
might need. I am saying a public key server would need to parallel the
knowledge of what the SMTP server already knows is a valid email address
for its site. Currently Doug.Royer@gateway is in some file/database as
valid in a way that is currently unique to the SMTP server implementation.
And, who is the local authority for the public cert of
Doug.Royer@gateway? The SMTP server already knows it goes to
dougr@his-site-server.

So, maybe the SMTP server is not the place. I think it would make for a
simpler implementation. Or maybe an entirely new service, that the SMTP
server would use, to make sure they are in sync.

It seems to me that a completely new approach is not going to be adopted
as quickly as extending SMTP.

Or I could see the SMTP server implementation also opening up a new
public key service port that is only used for fetching public keys. And
that port could use a non-SMTP protocol. However the MX host is the
authority.

Let's not make two authorities.

--
Doug Royer - (http://DougRoyer.US http://goo.gl/yrxJTu )
DouglasRoyer(_at_)gmail(_dot_)com
714-989-6135
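
The proposal in the message above, sketched as an added example (not code from the thread or from any mail server): the hypothetical PEMCERT and PGPCERT verbs answer from the same address table that RCPT TO consults, so alias rewriting and key lookup cannot drift apart. The table contents, the function names and the reply for a valid address with no key on file are assumptions.

```python
# Added illustration. PEMCERT and PGPCERT are the hypothetical verbs from the
# message above; they are not part of SMTP.

# Constructed sample data: the one address table the MX host already keeps.
ALIASES = {"doug.royer@gateway": "dougr@his-site-server"}
MAILBOXES = {"dougr@his-site-server"}

# Keys are stored under the address that senders actually write to.
KEYS = {
    ("PEMCERT", "doug.royer@gateway"): "...PEM-encoded-cert..",
    ("PGPCERT", "doug.royer@gateway"): "...PGP-encoded-cert..",
}


def is_valid(address):
    """Single validity check shared by RCPT TO and the key verbs."""
    addr = address.strip().lower()
    # Follow a rewrite rule if one exists, then check for a real mailbox.
    return ALIASES.get(addr, addr) in MAILBOXES


def handle(line):
    """Return the reply line for one command, in the form the message uses."""
    parts = line.split()
    # "RCPT TO user@domain" as written in the message (real SMTP: RCPT TO:<addr>).
    if len(parts) == 3 and [p.upper() for p in parts[:2]] == ["RCPT", "TO"]:
        return "250 OK" if is_valid(parts[2]) else "550 No such user here"
    if len(parts) == 2 and parts[0].upper() in ("PEMCERT", "PGPCERT"):
        verb, addr = parts[0].upper(), parts[1].lower()
        # Same authority as RCPT TO: an address the MX would bounce has no key.
        if not is_valid(addr):
            return "550 No such user here"
        cert = KEYS.get((verb, addr))
        # Assumption: the message defines no reply for "valid address, no key".
        return f"250 OK {cert}" if cert else "550 No key on file"
    return "500 Syntax error, command unrecognized"


if __name__ == "__main__":
    for cmd in ("RCPT TO Doug.Royer@gateway",
                "PEMCERT Doug.Royer@gateway",
                "PGPCERT nobody@gateway"):
        print(cmd, "->", handle(cmd))
```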