Why is SMTP still relevant?




"Ron Johnson" <ron.l.johnson@xxxxxxx> wrote in message
news:p50di.582903$2Q1.250900@xxxxxxxxxxxxxxx
On 06/16/07 20:04, Bill Gunshannon wrote:
[snip]

So, what is the technological solution?

Hardened operating systems and some sort of email-account
pre-registration with organizations that issue web-of-trust PGP/GPG
digital signatures. Every user would need to think of a strong
passphrase before being allowed to send email. All emails would
have to be signed. Using computers and the internet would become
*much* more complicated and usage would plummet.

Computers would then only be used by geeks and other sundry
propeller-heads and technophiles. Life will be good again!

--
Ron Johnson, Jr.
Jefferson LA USA

Give a man a fish, and he eats for a day.
Hit him with a fish, and he goes away for good!

(long post, sorry)

You just (almost) described some of the attributes of an X.400
standards-based secure email system, at least as I used to understand them
some considerable time ago. Apart from the complexity bit of course;
internal complexity does not necessarily have to be exposed to the user or
(mostly) to the administrator (VMS is a prime example).

X.400 email systems have been around since the mid 1980s. When they were
first around, X.400 email systems were impressively complex, unlike SMTP,
and they weren't widely used, primarily they lived in telcos and large
corporates, even though the design of an X.400 system meant that a mail came
from who it said it was from, and that it hadn't been tampered with in
transit, and that a delivery receipt meant something. [Within the usual
confidence levels of cryptography-based stuff anyway].

Basic SMTP is somewhat older than X.400 - SMTP dates from the era of the
teletype, the acoustic coupler, and the 32kword address space, and is
necessarily correspondingly simple. Once upon a time, this was an advantage.

Today, SMTP's architectural simplicity is a huge weakness - an SMTP engine is
trivially simple, it fits in the payload of a virus or other malicious
download, and is often delivered that way to poorly-protected Windows boxes
to form massive botnets used for spamming.

Meanwhile faster computers and PCs (with 32bit address space) and 56k modems
(not to mention broadband) long ago eliminated the need for SMTP-type
simplicity in an email transport agent, but as yet I've seen no one willing
to admit that SMTP is no longer fit for purpose (in fact I've seen little
discussion of the idea). Instead, industry people seemingly prefer to
suggest all kinds of SMTP-based band-aids which might one day provide the
same level of functionality, integrity, and security as X.400 did decades
ago (and, in certain particularly security-conscious circles, still does
afaik).

Anyone care to enlighten me as to why a "paradigm shift" (ouch) to X.400
isn't the answer and band-aids are? I do realise that such a shift wouldn't
take place overnight and that interoperability tools would be needed (which
is fine, they existed years ago). I also realise there is a whole
SMTP-dependent ecosystem out there, from mailserver vendors to band-aid
vendors to ISPs to spammers and more, whose interests will not be best
served if the underlying mail system suddenly loses the vulnerabilities on
which their commercial activities depend, and there are staff who won't want
their SMTP skills to become irrelevant, but is this really the main reason
SMTP survives well beyond its "use by" date? There's also the "not invented
here" factor, X.400 didn't come from the Internerd/RFC community, it came
from those nasty telco folks, but twenty-odd years later doesn't the reality
look like the telcos may have been the ones going the right way, maybe they
were just a bit before the cheap computing power (and bandwidth) was
available?

Feel free to extend the discussion as to where X.500 directory services
might fit (y'know, making sure that your email to John Smith went to the
*right* John Smith). And what the mail-related role of a real Internet
*service* Provider might be in this brave new world (rather than today's
connectivity providers with a few servers reluctantly added as an
afterthought).

You could even consider whether such a world might have a role for a highly
secure, highly reliable, highly scalable OS and application set which might
be a suitable platform for mail servers capable of reliably supporting user
communities of anything from dozens of users all the way to hundreds of
thousands of users (maybe more). Could be an opportunity there for someone
(but they'd perhaps have to risk upsetting the existing SMTP-dependent
ecosystem...).

Folks have (mostly) given up on RSX11 and even on MS-DOS, for understandable
reasons. Isn't it time SMTP went the same way?

Discuss
John

