John C Klensin wrote:
> --On Friday, 17 August, 2007 16:18 -0700 SM <sm@xxxxxxxxxxxx>
> wrote:
>> There are ways to validate the sender the first time you
>> establish a contact. Once that is done, you can use it to
>> validate future communication you receive from that
>> correspondent.
> ...
> Hop-by-hop transport-based solutions appear to be easier to
> deploy --although there are some concerns about transitivity of
> trust relationships and the ability of large mail providers to
> force the smaller ones out, among other things-- and they

Given the poor history of actual deployment and use of authentication -- that
IS what is being discussed, right? -- for email, I'm not sure where the
"appear to be easier to deploy" comes from, unless it is the narrow
consideration of the two popular path-based schemes, SPF and Sender-ID. If
so, the large-scale efficacy of them is either unclear or problematic,
depending upon which skeptic is talking. My point is that "appear to be"
requires constraining the consideration too much.

> generally work much better when there is a direct connection
> between the originating MSA and the final delivery MTA than when
> relays are involved. But they also tend to restrict services
> somewhat.

In other words, hop-by-hop is easier, when there is only one hop?

> Maybe we have to give that up --and
> give in to the desire of those who run the large email services
> to advertise themselves and lock users in -- but, from my point
> of view, the techniques better have very high leverage on spam
> and criminal enterprises in order to justify that. Otherwise,

Right. Or perhaps consider alternate techniques that do not impose this
limitation?

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net