On Sun, 19 May 2002, J C Lawrence wrote:
> Start out by extending TLS such that message contents are included in
> the negotiation and the resultant signature is embedded in a header. In
> this manner extend TLS chain-of-transcription to both message bodies and
> the Received: path. Then, just to wrap, start rejecting all mail which
> doesn't have end-to-end TLS containment.

That is overkill for the effect that you get. All you are saying is that
each SMTP server should only talk to clients that authenticate well and
that the authentication information should be passed on. Furthermore,
each subsequent server should only accept mail from servers that
(recursively) follow the same requirement that their clients provide

This is just a generalization (stronger restriction) of the sort that says
that we shouldn't have open relays on the net nor relays that accept mail
from dynamic IP addresses without authentication.

Since people don't even agree on blocking mail in the RSS and DUL lists, I
hardly see how your stronger proposal could ever come to pass.

Jeffrey Goldberg http://www.goldmark.org/jeff/
Relativism is the triumph of authority over truth, convention over justice