I look forward to your paper on "the end to end concept, and why it doesn't apply to email" ;)
Clearly the answer is that it never has applied to email in the pasts. Hosts don't email each other, people do. People have always relied on Internet postmaster services to enable Internet email. Given that we have already thrown out the end-to-end concept from day one, why must we maintain such a brain-dead flat architecture. People who wanted the end-to-end concept used to use "talk" on UNIX and Windows popup messages until recently. Now, even those people have shifted to a hierarchical architecture of instant-messaging servers.
I'm not convinced there is an email architecture problem of relevance to the discussion. People mistake a security problem for its most visible symptoms.
There is more than one security problem here. A well-thought-out email architecture will only address one of those security problems.
The SMTP based email system has many faults, but it seems only mildly stressed under the onslaught of millions of hosts attempting to subvert it.
It depends where you measure that stress. The decline of Internet email mindshare in favour of IM and Web forums indicates to me that it is severely stressed at the user level.
We may need a trust system to deal with identity within the existing email architecture,
Bingo!
but I see no reason why that need be hierarchical, indeed attempts to build such hierarchical systems have often failed to gather a critical mass, but peer to peer trust systems have worked fine for decades for highly sensitive types of data.
Peer-to-peer is a form of hierarchy. If you decide to trust X, Y, and Z and also trust all the hosts that X, Y and Z trust, then you have a trust hierarchy carved out of the peer-to-peer space. So if I trust AOL, Earthlink and Verizon, and I also trust all those trusted by these three, then you can't talk to my mail server until you arrange trust with me, or with one of the three trusted mail systems. Fact is that the email architecture does not include any form of trust and things like Sender-ID and DKIM are only bandaids that don't solve the problem and introduce additional insecurities. Additionally, if we can introduce hierarchy into the mail flow, we also introduce points at which cost-based models of spam prevention can be tried. If you can pay a penny a message to guarantee that your mail gets delivered quickly, bypassing any spam-filtering checkpoints, then that is something that the majority of users would buy into and the money provides grease for the wheels of the system, making it worthwhile to do things like set up an email peering agreement. Let's face it, the Internet of the early 90's is gone. It won't be coming back either. The challenge now is to operate a network that is capable of being *THE* global communications infrastructure. If the public Internet doesn't adapt to this job, then other networks will leverage the IETF's technology to do so. --Michael Dillon