Yuhknow...
At 1:43 PM 3/7/94 -0500, "Michael Nittmann, Principal Communications
Analyst, The Trane wrote:
>A change of just this little piece in the smtp protocol would assure
>that all instances of a message can optionally be verified. This
>verification is only useful on firewall systems. Systems within a
>trusted environment would not need to care at all.
A coupla years ago, we had a debate about solving the "8-bit" problem for
email. Do we change SMTP or do we change RFC822? The current thread in
firewalls sounds the same.
Folks, fixing SMTP doesn't hack it.
SMTP is a single-hop protocol, in a multi-hop world. If you are serious
about authentication, you need an end-to-end mechanism. This means that
you need to lay something onto the OBJECT, not the email transport
protocol. That's what PEM/RIPEM/PGP all do and it's the only way you'll
get what you really want.
If you are worried about deprivationofservice attacks by flooding, or the
like, then "link level" SMTP modifications might help.
The only reason to make SMTP participation in the authentication at all is
if you want to have it verify that the next hop is willing to certify
support for the end-to-end mechanis. (I.e., ask it if it supports the
mechanism. This isn't a failsafe, since it can lie, but it can be used to
detect non-support from cooperating sites. (This same approach is being
used to add delivery acknowledgement to Internet mail.
Dave
|
|
