Re: SMTP Working Group Proposal at smtpng.org
Valdis.Kletnieks@vt.edu Tue, 20 August 2002 21:59 UTC
Received: from loki.ietf.org (loki [10.27.2.29]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA28671; Tue, 20 Aug 2002 17:59:34 -0400 (EDT)
Received: (from adm@localhost) by loki.ietf.org (8.9.1b+Sun/8.9.1) id SAA29411 for ietf-outbound.10@loki.ietf.org; Tue, 20 Aug 2002 18:00:01 -0400 (EDT)
Received: from ietf.org (odin.ietf.org [10.27.2.28]) by loki.ietf.org (8.9.1b+Sun/8.9.1) with ESMTP id RAA29383 for <ietf-mainout@loki.ietf.org>; Tue, 20 Aug 2002 17:57:35 -0400 (EDT)
Received: by ietf.org (8.9.1a/8.9.1a) id RAA28622 for ietf-mainout@loki.ietf.org; Tue, 20 Aug 2002 17:56:12 -0400 (EDT)
X-Authentication-Warning: ietf.org: majordom set sender to owner-ietf@ietf.org using -f
Received: from turing-police.cc.vt.edu (turing-police.cc.vt.edu [198.82.160.121]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA28617 for <ietf@ietf.org>; Tue, 20 Aug 2002 17:56:08 -0400 (EDT)
From: Valdis.Kletnieks@vt.edu
Received: from turing-police.cc.vt.edu (localhost [127.0.0.1]) by turing-police.cc.vt.edu (8.12.5/8.12.5) with ESMTP id g7KLurLm010888; Tue, 20 Aug 2002 17:56:53 -0400
Message-Id: <200208202156.g7KLurLm010888@turing-police.cc.vt.edu>
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4+dev
To: william@elan.net
Cc: ietf@ietf.org
Subject: Re: SMTP Working Group Proposal at smtpng.org
In-Reply-To: Your message of "Tue, 20 Aug 2002 14:04:27 PDT." <Pine.LNX.4.33.0208201333280.5703-100000@sokol.elan.net>
X-Url: http://black-ice.cc.vt.edu/~valdis/
X-Face-Viewer: See ftp://cs.indiana.edu/pub/faces/index.html to decode picture
X-Face: 34C9$Ewd2zeX+\!i1BA\j{ex+$/V'JBG#; 3_noWWYPa"|,I#`R"{n@w>#:{)FXyiAS7(8t( ^*w5O*!8O9YTe[r{e%7(yVRb|qxsRYw`7J!`AM}m_SHaj}f8eb@d^L>BrX7iO[<!v4-0bVIpaxF#-) %9#a9h6JXI|T|8o6t\V?kGl]Q!1V]GtNliUtz:3},0"hkPeBuu%E,j(:\iOX-P,t7lRR#
References: <Pine.LNX.4.33.0208201333280.5703-100000@sokol.elan.net>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_1245395591P"; micalg="pgp-sha1"; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Tue, 20 Aug 2002 17:56:53 -0400
Sender: owner-ietf@ietf.org
Precedence: bulk
X-Loop: ietf@ietf.org
On Tue, 20 Aug 2002 14:04:27 PDT, william@elan.net said: > I believe its time we start working within IETF on new version of SMTP > that would have more features and be more secure. I'v tried to point this > out several times before on nanog and ietf hoping that someone would take > the initiave but as this did not happen, I'm willing to do it now. At this > point I'm proposing creation of IETF working group that would look into > ways to extend SMTP. I'v created website and mailing list to discuss > charter of the proposed working group at http://www.smtpng.org > 1. General extensions on SMTP negotiation This group will work on > extensions to general SMTP syntax with primary focus on mechanism for > negotiation on type of verification and security for transmission of mail > message between two mail servers. EHLO - a done deal a decade ago. > 2. Callback and delayed transmission extensions > This group will work on extensions to SMTP for email callback mechanism. > Callback should allow for special type of negotiation on transmission where > instead of immediately sending a message, one email server would request a > callback and specify time when the email message can be picked up from the > original server. Additional work should also be done on delayed transmission > extensions as proposed in draft-vaudreuil-futuredelivery-00 draft. ETRN could be extended, and you have a draft that should probably be handled in the IETF-SMTP group. > 3. Secure SMTP transmission > This group will focus on extensions allowing for additional security and > encryption for SMTP transmission for situations where such functionality is > desired by both parties. > 4. Certificate based verification > This group will work on certificate-based verification. This functionality > would involve incorporation of SSL-like functionality into SMTP to allow two > mail servers to verify each other by exchanging certificates. RFC2487. Already shipped as part of Sendmail 8.11.0 over 2 years ago. Only thing missing here is a good X.509 PKI, which is out-of-scope for an SMTP working group anyhow. > 5. Callback verification > This group will also work in conjunction with group#2 on how callback > mechanisms can be used to verify authenticity of mail servers. Work would also > be done on callback verification as proposed at draft-nunn-ssmtp-00.txt draft. And this needs a new working group why, rather than doing it in the IETF-SMTP group? > 6. User/Password and other authentication verification > This group will focus on authentication verification that can be used in > conjunction with SMTP. The primary use of authentication should be to allow > end-users to relay messages through their ISP's mail server, but this group > should also work on how the same methods can be used in ISP-ISP mail server > verification. Work should also be done in conjunction with group#3 to make sure > that clear text passwords are not sent across public networks. The same methods can be used no problem. There's no reason SMTP AUTH can't be used between ISP's, except for the lack of a PKI, unless you want to manage O(n**2) password/authentication token pairs. > 7. Signatory and other verification mechanisms > This group will work on verification schemes involving special type of > signatures that would accompany email and on other similar verification methods We already have S/MIME and OpenPGP standards. > 8. Delivery confirmation and address verification > This group will work on extensions allowing for delivery confirmation options > to be incorporated into SMTP, the initial start can be > draft-moore-rfc1891bis-01draft. Additional work should also be done on ways to > use mail server verification mechanism in conjunction with email address > verification (certain level of trust between mail servers is often desired > before one mail server would allow another to know if certain subscriber > exist). Delivery confirmation is already a solved issue, with DSN and MDN support. Address verification is going to be a can of worms - consider the reasons many sites disable VRFY before you go much further. > 9. MIME extensions > This group will work with all other groups on necessary additions and changes > to MIME content types as used in email transmissions. Too vague for a charter, I suspect. > 10. Email headers > This group will work with other groups to define if necessary new email headers > and work on clarification of use of existing email headers by mail transfer > agent programs. Similarly. I see 2 "too vague", two "can of worms/scaling" problems (PKI and verification), 2 that should probably be handled in the current SMTP group, and a number of already-solved problems. I'm not sure what the working group would be charged with accomplishing. -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
- Why spam is a problem Bill Cunningham
- Re: Why spam is a problem Greg Skinner
- SMTP Working Group Proposal at smtpng.org william
- Re: SMTP Working Group Proposal at smtpng.org Valdis.Kletnieks
- Re: SMTP Working Group Proposal at smtpng.org william
- Re: SMTP Working Group Proposal at smtpng.org Dave Crocker
- Re: SMTP Working Group Proposal at smtpng.org william
- Re: SMTP Working Group Proposal at smtpng.org John C Klensin
- Re: SMTP Working Group Proposal at smtpng.org John C Klensin
- Re: SMTP Working Group Proposal at smtpng.org Valdis.Kletnieks
- MUST/SHOULD and related terminology Martin Duerst
- Re: MUST/SHOULD and related terminology Fred Baker
- Re: MUST/SHOULD and related terminology C. M. Heard