Re: IETF SMTP Working Group Proposal at smtpng.org
On 8/22/2002 at 00:02:24 +0300, Petri Helenius said:
Treat them sort of like SSL certs now. Charge an annual registrar fee per company, not per server. (Something like $100 a year) The more they have to go out of their way to get their spam server online, the more they would be deterred to do so. They're only going to want to change so many ISPs, go through SWIP and then change their legal name for the registrar so many times.
Why don't you just start using SSL certs with SMTP? The protocol is there, ways to get certificates are there, no need to start smoothing a square piece to make a new wheel.
Pete
The problem with SSL is it doesn't include certificate chain to arbitrary authorities. However, there's a space for web of trust in SSL, I believe, so yeah, a new version of SSL might be just the ticket.
Let's not forget that you need an SSL cert for every server with a different host name, and you need to go through companies like Verisign to get them. (yes, there are lesser evils I know). But using SSL certs could be more expensive than just registering your company, netblock or whatever with a management account.
--
Robert Blayzor, BOFH
INOC, LLC
rblayzor@inoc.net
Exclusive: We're the only ones who have the documentation.
i won't glock up this already busy list with a full copy of the proposal, but before y'all go off and invent something, here's some prior art that's been resoundingly pooh-pooh'd by the smtp community.
http://www.vix.com/~vixie/mailfrom.txt
Abstract
At the time of this writing, more than half of all e-mail received by the author has a forged return address, due to the total absence of address authentication in SMTP (see [RFC2821]). We present a simple and backward compatible method whereby cooperating e-mail senders and receivers can detect forged source/return addresses in e-mail.
--
Paul Vixie
At 12:56 AM +0000 2002/08/22, Paul Vixie wrote:
i won't glock up this already busy list with a full copy of the proposal, but before y'all go off and invent something, here's some prior art that's been resoundingly pooh-pooh'd by the smtp community.
Yeah, the problem is that this breaks mailing lists, just like other proposals. Otherwise, it would seem to be a nice concept.
--
Brad Knowles, <brad.knowles@skynet.be>
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
participants (4)
- Brad Knowles
- Dave Israel
- Paul Vixie
- Robert Blayzor