Remote email access

Jack Bates jbates at brightok.net
Tue Feb 4 15:16:04 UTC 2003


From: "Daniel Senie"

> The question this raises is whether you're concerned about MTA to MTA
> communication, or MUA to MTA? I'd be happy to see certs in use for MTA-MTA
> (and indeed support this today on my systems when talking to other MTAs
> which are using STARTTLS). However, there are definitely reasons why this
> would be a difficult requirement if made mandatory. Many embedded devices
> use SMTP for alerting to trouble (example: the monitoring cards in UPSs).
> Having a flag day for a switch to requiring certificates would be
> unworkable in so many ways.
>
I'm concerned with MTA to MTA. I disagree with your embedded devices issue
as it is considered "trusted" or should be. I think that such devices should
also quit pretending to be an MTA and act like an MUA. A flag day is
necessary, and certification from MTA to MTA is necessary. The key is that
the certification should be for the company and not just the server, as well
as lookups for said company's certificates should be simplistic. When it
comes to mail, people are screaming that they have the right to accept and
refuse mail from anyone they want. The problem is that identifying a person
by their domain name which no longer has the strict requirements it once did
or by their IP address, which is often not kept accurate in SWIPS and Rwhois
databases nor managed with proper rdns or even kept static, is near
impractical. We talk about security on the Internet. Forget encryption for a
moment. We can't even keep track of identities so that we can say "I do not
accept email from entity X" and be done with it.

-Jack
