[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: iesg comment re message submission indraft-ietf-grip-isp-expectations-03.txt

To: "Mike O'Dell" <mo@uu.net>, Randall Gellens <randy@qualcomm.com>
Subject: Re: iesg comment re message submission indraft-ietf-grip-isp-expectations-03.txt
From: Chris Newman <cnewman@innosoft.com>
Date: Tue, 30 May 2000 13:51:44 -0700
Cc: tomk@neart.org, Randy Bush <randy@psg.com>, grip-wg@TransSys.COM, John Gardiner Myers <jgmyers@netscape.com>
Comment: grip-wg mailing list add/drop requests to Majordomo@TransSys.COM
In-reply-to: <QQirkm07109.200005301307@neserve0.corp.us.uu.net>

--On Tuesday, May 30, 2000 9:07 -0400 Mike O'Dell <mo@UU.NET> wrote:
> the disproof of non-existence ("i know of several servers...")
> is hardly a statement of production-quality capability,
> and the operational change you demand impacts many millions
> of users.  one major issue is that many email CLIENTS do not
> support an alternative submission port - it's rare enough to
> find one that can post email using a server different from the
> one it fetched the email from.  and while I applaud Eudora for
> its flexibility, it is, alas, rather unique in that respect.

Almost every email client I've tried accepts the syntax "hostname:587" in 
the SMTP server field and connects to the submit port accordingly.

However, I agree we should be honest that it's not practical for an ISP to 
restrict submission to port 587 yet on the grounds that the syntax 
"hostname:587" is not sufficiently user-friendly and there are a few 
minority clients that don't support that.  However, we should encourage 
server vendors and ISPs to be as proactive about deploying port 587 as 
possible.  The bootstrap problem will continue to exist unless someone 
takes the first step and the cost to server vendors and ISPs to be 
proactive on this front is near zero.

At some point we will start deploying submit-only services which will be 
explicitly banned on port 25 because they would harm the infrastructure. 
The two big ones that come to mind are:

 * URL resolution at submit server.  For example, forwarding an attachment
   from an IMAP server *without* downloading it to the client first.

 * Content translation, for example using a slow high quality audio/video
   compressor on the submit server (the voicemail folk want this).

If we deploy 587 proactively, the transition will be less painful.

The security of a software system has three factors:
	* architecture
	* code quality
	* how quickly security fixes are deployed
Speaking as a server vendor, the security architecture necessary to do 
relay blocking and SMTP AUTH submission on the same port is quite ugly and 
far more error prone than if submit and relay were distinct services.  With 
port 587 I can simply require SMTP AUTH.  With port 25, the recipients have 
to be partitioned into groups which require authentication and groups which 
don't, and the server can't require authentication until the client is in 
the middle of the email transaction.

		- Chris

References:
- Re: iesg comment re message submission in draft-ietf-grip-isp-expectations-03.txt
  - From: "Mike O'Dell" <mo@uu.net>

Prev by Date: Re: iesg comment re message submission in draft-ietf-grip-isp-expectations-03.txt
Next by Date: Re: iesg comment re message submission in draft-ietf-grip-isp-expectations-03.txt
Previous by thread: Re: iesg comment re message submission in draft-ietf-grip-isp-expectations-03.txt
Next by thread: 1 GRIP session please
Index(es):
- Date
- Thread