From: "Daniel Senie"
The question this raises is whether you're concerned about MTA to MTA communication, or MUA to MTA? I'd be happy to see certs in use for MTA-MTA (and indeed support this today on my systems when talking to other MTAs which are using STARTTLS). However, there are definitely reasons why this would be a difficult requirement if made mandatory. Many embedded devices use SMTP for alerting to trouble (example: the monitoring cards in UPSs). Having a flag day for a switch to requiring certificates would be unworkable in so many ways.
I'm concerned with MTA to MTA. I disagree with your embedded devices issue, as such a device is considered "trusted", or should be. I think that such devices should also quit pretending to be an MTA and act like an MUA. A flag day is necessary, and certification from MTA to MTA is necessary. The key is that the certification should be for the company and not just the server, and lookups for said company's certificates should be simplistic. When it comes to mail, people are screaming that they have the right to accept and refuse mail from anyone they want. The problem is that identifying a person by their domain name, which no longer has the strict requirements it once did, or by their IP address, which is often not kept accurate in SWIP and RWhois databases, nor managed with proper rDNS, nor even kept static, is near impractical. We talk about security on the Internet. Forget encryption for a moment. We can't even keep track of identities so that we can say "I do not accept email from entity X" and be done with it.

-Jack