spf-discuss
[Top] [All Lists]

Re: SRS/SES mailing lists?

2004-11-11 11:41:52

----- Original Message -----
From: "David" <david(_at_)ols(_dot_)es>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Thursday, November 11, 2004 7:18 PM
Subject: Re: [spf-discuss] SRS/SES mailing lists?


Hi !!

Ok, I've read the SES specs.  I though I knew how it worked.  Nothing
you have said indicates that I don't.

I hope now you can see that is possible to run ses without having to
distribute keys.

Sure.  It is also *possible* to run an email system without using any
network at all by requiring everyone to use the same computer.

well, this is not anything you could argue against ses. which is nowthe
proble you see now that it's clear that there is no need to distribute
keys ?

This, however, means that there are costs associated with SPF+SES that
are
not associated with SPF+SRS.

well, my maths are not high level, but for me it costs less time and
resources to have ses implemented (including all roaming users) than the
cost associated on convincing every forwarder in the world to
implement srs (which in turn is a thing that will never happen). Take
also in account that you could implement ses by yourself without the
need that everybody in the net support it, while with srs you have to
wait for every forwarder to support it before you could use spf to
protect your domain. How may years will take this ?

I still believe that the total cost for
all domains on the Internet of SPF+SRS is less than SPF+SES.

you are assuming that there is plenty of roaming users that do not use
their central smtp server which is wrong.

I don't think so David.  You may have experince of that, but I suggest there
are a significant number of people who are roaming users and who send mail
from whatever server they can get onto,  i.e. a different dial-up ISP.



We have lots of users in
different countries (spain, uk, switzerland, france, south africa)
and some really roaming (moving) users which never need to do direct
smtp delivery and never had any problem using the domain's mta.

That's ok if they have a connection from a reasonable ISP - some ISP's block
the use of mail services other than their own.


In the
other hand users (roaming or not) who do direct smtp delivery, usually
run it's own mta or some advanced mua and are should be smart enough (if
they want to use ses) to install the ses signing and verification
software.

Whoa right there - I have set people up who are clueless and they use their
own domains smtp from all over the place, on different dial-ups, etc.  I do
*not* want to have to go around them all and sort out SES for them now.



If they do not want to use ses they are free to do that,
nobody forces them to use ses.

But the whole point is that you're suggesting SES is the way forward to
authenticate e-mail senders, so it *will* be forced on people, if it became
a standard.



I believe that the cost of SPF+SRS+SES is less than either by using each
tool where appropriate.

the cost of using srs is always the same as you need all forwarders
in the world to support it. It's a cost in time as it will take many
years for it to happen, if it happens. I will really appreciate if
someone has a implementation statics on SRS that we could compare with
implementation of SPF ...


SRS just isn't going to happen - given the amount of infrastructure that
will need patching/modifying.  SES looks better, if the roaming user could
be more easily accomodated.


Slainte,

JohnP.
johnp(_at_)idimo(_dot_)com
ICQ 313355492