[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: authenticated smtp

> I am begining to suspect that for truly authenticated SMTP (submission)
> we need to wrap it within SSL.  Then we could do simple password login,
> once the session is encrypted, and we have verified that the server is
> trusted..  Or is my vision going too far ?

I strongly beleive that a sort of public key crypto is the only real way
to go with authentication, yes.  Maybe even without passwords, if you have
a way to verify public keys.

> On the other hand, there is a matter of transitive trust in between
> servers.  In general Internet there is NO transitive trust on SMTP
> model.

On the other hand, yes, the whole thing seems rather pointless unless all
Internet stops relaying unauthenicated mail.  Will it?  I don't think so.