On Sun, 19 May 2002, J C Lawrence wrote:

> Start out by extending TLS such that message contents are included in
> the negotiation and the resultant signature is embedded in a header. In
> this manner extend TLS chain-of-transcription to both message bodies and
> the Received: path. Then, just to wrap, start rejecting all mail which
> doesn't have end-to-end TLS containment.

That is overkill for the effect that you get. All you are saying is that each SMTP server should only talk to clients that authenticate well and that the authentication information should be passed on. Furthermore, each subsequent server should only accept mail from servers that (recursively) follow the same requirement that their clients provide authentication information.

This is just a generalization (stronger restriction) of the sort that says that we shouldn't have open relays on the net nor relays that accept mail from dynamic IP addresses without authentication. Since people don't even agree on blocking mail in the RSS and DUL lists, I hardly see how your stronger proposal could ever come to pass.

-j

--
Jeffrey Goldberg http://www.goldmark.org/jeff/
Relativism is the triumph of authority over truth, convention over justice
