Message-Id: <6.2.1.2.2.20050612102929.04097eb0@mail.jefsey.com>
Date: Sun, 12 Jun 2005 10:33:48 +0200
To: John C Klensin, Christian Huitema, Brian E Carpenter, Keith Moore
From: "JFC (Jefsey) Morfin"
In-Reply-To: <6C484FC792B2E47F82054CF9@scan.jck.com>
References: <6C484FC792B2E47F82054CF9@scan.jck.com>
Cc: ietf@ietf.org, iesg@ietf.org, Dave Crocker
Subject: Re: Client and server authentication for email (was: RE: Last Call: 'Email Submission Between Independent Networks' to BCP)

At 16:56 11/06/2005, John C Klensin wrote:
> (2) If the key issue is "be sure you are talking to the
> right server", then one could still use a
> challenge-response mechanism as long as the server were
> properly verified to the client. Presumably that could
> be accomplished by client possession and verification of
> a server key or by an extra secret and handshake. That
> would presumably be "good enough" unless we also have a
> significant concern about sessions being hijacked once
> they have been properly initiated. I don't know the
> degree to which that is a practical concern (remember
> that SMTP sessions, especially pipelined ones, are
> typically pretty short and that, e.g., IMAP has
> provisions for in-session reverification although I
> believe they are still not intensively used).
> Conversely, if the server identity is not verified, or
> is verified only by the luser's receiving an
> incomprehensible warning message and clicking "accept"
> every time, then even encryption wouldn't seem to help
> much.

Yes. This is why I raise the multimodal general issue (can be a check-back procedure, parallel exchanges, multichannels, multitechnology, etc.).
This also goes with a generalised usage of IPv6 (identification of a permanent address - I do not think the IPSEC is of interest here as one never knows about the real end to end path?).

jfc
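
Added example, not part of the original message or of any participant's proposal: a sketch of the challenge-response with "an extra secret and handshake" described in the quoted text, in which the client checks a proof from the server before it sends its own response. The class names, role labels and message layout are assumptions made for illustration, not an SMTP AUTH mechanism.

```python
import hashlib
import hmac
import secrets

def proof(secret: bytes, role: bytes, client_nonce: bytes, server_nonce: bytes) -> bytes:
    # The role label stops a server proof being reflected back as a client response.
    msg = role + b"|" + client_nonce + b"|" + server_nonce
    return hmac.new(secret, msg, hashlib.sha256).digest()

class Server:
    def __init__(self, secret: bytes):
        self.secret = secret

    def challenge(self, client_nonce: bytes):
        # Server answers the client's nonce with its own nonce and a proof
        # that it holds the shared secret.
        self.client_nonce = client_nonce
        self.server_nonce = secrets.token_bytes(16)
        return self.server_nonce, proof(self.secret, b"server", client_nonce, self.server_nonce)

    def verify_client(self, response: bytes) -> bool:
        expected = proof(self.secret, b"client", self.client_nonce, self.server_nonce)
        return hmac.compare_digest(expected, response)

class Client:
    def __init__(self, secret: bytes):
        self.secret = secret

    def authenticate(self, server) -> str:
        client_nonce = secrets.token_bytes(16)
        server_nonce, server_proof = server.challenge(client_nonce)
        expected = proof(self.secret, b"server", client_nonce, server_nonce)
        if not hmac.compare_digest(expected, server_proof):
            # Server identity not verified: stop before sending any response.
            return "abort: server not verified"
        response = proof(self.secret, b"client", client_nonce, server_nonce)
        return "ok" if server.verify_client(response) else "rejected by server"

if __name__ == "__main__":
    shared = b"constructed-shared-secret"  # constructed sample value
    print(Client(shared).authenticate(Server(shared)))
    print(Client(shared).authenticate(Server(b"impostor-guess")))
```

This verifies both ends only at session start; it does nothing for the rest of the session, which is the hijacking concern the quoted text sets aside.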