Re: a few short notes



On Feb 1, 2004, at 1:12 PM, Paul Smith wrote:

I'd say that mandatory user -> server authentication is vital (I can'tsee any reason NOT to have it, and it certainly removes/reduces theneed to have other authentication methods - eg IP address filtering -which can cause problems)

There has to be a chain of trust from creation of message to finalreading. If anywhere you lose that chain, you have the current state ofe-mail, because wherever that chain is broken, the spammers will findit and use it to inject their own stuff in the way they want to injectit. That means whatever person/agent creates the mail has to beunambiguously known to the server that accepts that mail, and thatserver has to validate that authorization to whoever it hands themessage to, and that authorization has to be passed on however manytimes until reception. If you ever break that, it's over.

that's why I don't want anoymous operations at the mail-ng level. It'sfine at a higher level, because what that really means is there's aserver somewhere that says "I know who he is, I tell you he's okay, butI won't tell you who he is" -- and as long as I accept the judugementof that server, that's okay (or I reject mail from that remailerbecause I don't trust it, my choice). If you lower that into thetransport layer, you have grave issues of keeping that chain of trustsalive. And as soon as it breaks, you have a hole the spammers willlose.

It's also why I'm against global authorization services, because thosebecome single points of failure for these chains of trust.

The reality is -- I don't have to know the person who sent the mail orthe server they live on to accept an email. But I have to know that theinformation identifying that mail is correct so that I can use it todecide whether to accept it, which means each link in the chain oftransfers has to be trusted in maintaining that information is correct.

In the current system, that's not true, and that's the root of thefailures of SMTP.

<Prev in Thread]	Current Thread	[Next in Thread>
Re: a few short notes, (continued) Re: a few short notes, Paul Robinson Re: a few short notes, Paul Crowley Re: a few short notes, Hector Santos Re: a few short notes, Iljitsch van Beijnum XML consideration. [Was Re: a few short notes], Hector Santos Re: a few short notes, Paul Smith Re: a few short notes, Chuq Von Rospach Re: a few short notes, Martin Duerst Re: a few short notes, James Seng Re: a few short notes, Paul Smith Re: a few short notes, Chuq Von Rospach <= Message not available Re: a few short notes, Chuq Von Rospach Anonymity, Jacob Palme Re: a few short notes, Martin Duerst Re: a few short notes, James Craig Burley Re: a few short notes, Jari Arkko Re: a few short notes, Eric A. Hall Re: a few short notes, Paul Smith Re: a few short notes, Chuq Von Rospach Re: a few short notes, Paul Smith Chains of trust vs. PKI, Paul Crowley