Re: Last Call: SMTP Message Submission to Proposed Standard

[Dave Crocker <dcrocker@brandenburg.com>]

At 03:20 PM 5/11/98 -0600, Lyndon Nerenberg wrote:
>> It's now time to create a distinct posting service and to create it as
>> simply as possible.  Instantiating SMTP on a separate port and with some
>
>The problem with SUBMIT (according to the latest draft I reviewed) is that
>AUTH is optional. Unless SUBMIT *requires* authenticated message injection

That is correct.  No one said that the current spec solves the spamming
problem.  Rather, the concern is to separate submission from relaying, so
that a range of differential services can be considered and developed.  Use
of submission-time authentication is just one -- albeit obvious and
important -- concern.

>I still contend that the existing SMTP, coupled with AUTH, and including
>the SUBMIT header processing extensions described in the draft, will work
>just fine one the existing port. In the course of identifying yourself to

It is always possible to multiplex two different services together.
Multiplexing mail over the file transfer protocol worked fine for ten
years.  Analysis of any single item can easily lead one to be convinced
that we do not need to separate things.

The problem is that the "flavour" of submission has come far enough to be
distinguishable from relaying and should therefore be separated explicitly.

If you have two different ports, you can have two different code bases, or
you can have one code-base and let it run on both ports.  If you have one
port, there is no choice.  You must use a single code base.  

Code which has massive numbers of tests like (if relay then...; else ...)
sprinkled freely throughout greatly increases the complexity and bugginess
of code.

d/

_________________________________________________________________________
Dave Crocker                Brandenburg Consulting        +1 408 246 8253
dcrocker@brandenburg.com      675 Spruce Drive        (f) +1 408 273 6464
www.brandenburg.com        Sunnyvale, CA 94086  USA