On 30/07/2014 15:07, BlueStar88 wrote:
> Am 30.07.2014 um 14:17 schrieb Daniele Nicolodi:
>> One of the main features of the current email infrastructure is its
>> interoperability and capability to work as a federated system. Therefore
>> the adherence to the defined and deployed protocols is very important.
>> You cannot design a new protocol and expect every service provider to
>> jump on the wagon the next day. Therefore you will have to continue to
>> accept mail from systems speaking the old protocol as well.
> 
> Extending a capability doesn't need the awareness of the service
> providers at all. If hardened Postfix instances meet each other, they
> could agree to use such an extension without even the knowledge of their
> operators. STARTTLS is such a by-case agreement feature.
> 
>> Therefore you gain nothing from the switch because you cannot know if
>> someone speaking the old protocol does it by laziness or other reason or
>> for exploiting its weakness.
> 
> There is no switch. There could be the extension and ... rule tables. If
> you know a group of peers using such an extension, simply set a
> mandatory flag for each of them. If an adversary manipulates the
> negotiation itself, no mail will be transferred. Thanks to the new
> "Uber-Postfix-Extension" (UPE). ;-)

If you need to maintain a table, I fail to see where this adds anything
over client certificates checks or simple authentication.

> It's just the same way, you reject unverified or untrusted server
> connections today.

If it is just the same way, why do you need to implement something more?

> That isn't perfectly true. There's a broad hosting service world
> offering quite different SSH implementations, which are out of the
> control of the given single entity. Each user's SSH client has to cope
> with such a different set of SSH servers the same way, MTAs and MUAs
> have to contact their peers. Every application with broad use and done
> by many different implementations can be called a "federal system" with
> the obvious need of interoperability.

You don't understand what a federated system is and how mail delivery
works. I don't think there is much point in discussing this further
since wrong assumptions can only lead to wrong conclusions.

Cheers,
Daniele

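The per-peer "rule table with a mandatory flag" that the quoted reply sketches already exists in stock Postfix as the TLS policy table. The fragment below is an added illustration for readers of this thread, not configuration posted by either participant; the domains, the match names and the fingerprint digest are placeholders, and paths follow common Debian-style defaults.

```text
# --- main.cf (added example) ---
# Weak but interoperable default: opportunistic TLS. If a peer's EHLO
# response carries no STARTTLS (because it really has none, or because an
# on-path party removed it), delivery silently continues in plaintext.
smtp_tls_security_level = may
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_fingerprint_digest = sha256
# Logging at 1 records the negotiated protocol and cipher per connection,
# so plaintext deliveries to peers you expected to encrypt become visible.
smtp_tls_loglevel = 1

# Per-destination override: the "rule table". Lookup key is the next-hop
# destination (the recipient domain, or [host] for a relay transport).
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# --- /etc/postfix/tls_policy (added example; run postmap after editing) ---
# encrypt: TLS is mandatory for this peer. A missing STARTTLS, a failed
#          handshake or a downgrade attempt defers the mail instead of
#          falling back to plaintext. The certificate is not verified, so
#          this stops passive interception and STARTTLS stripping only.
example.com        encrypt

# secure: mandatory TLS plus certificate verification against the CA
#         bundle; the peer's certificate must match one of these names
#         (hypothetical names for this example).
example.net        secure match=mail.example.net:.example.net

# fingerprint: pin the peer's certificate or public-key digest instead of
#              trusting any CA. The value is a placeholder, not a real
#              fingerprint; obtain the real one out of band from the peer.
example.org        fingerprint match=<SHA256-FINGERPRINT-PLACEHOLDER>

# Everything not listed keeps the opportunistic default from main.cf.
```

The table realises exactly the behaviour the quoted reply wants ("no mail will be transferred" when negotiation is tampered with) for the peers listed in it, while unlisted peers keep the federated, opportunistic behaviour the first quoted message defends. The open question in the thread, how to know which peers to list without maintaining such a table, is what mechanisms such as DANE (the `dane` policy level, which needs DNSSEC-signed TLSA records on the peer side) and client certificate checks try to answer.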