> Link level crypto, sure. Not everyone likes that though. I was
> refering to folk trying to use SSLftp, where the connection is
> authenticated and encrypted at the application level. Because a SPF
> cannot look inside the payload in such a case, the dynamic opening of
> ports will fail.
And how is an SPF different from a proxy in this case, unless you are saying
the proxy is participating in the encryption.
> Funny, you're the 2nd person to suggest that. But no, I mean exactly
> what I said.
Because you said just cypto and link level crypto and SPF work great.