[e2e] Re: [Tsvwg] Really End-to-end or CRC vs everything else?

Vernon Schryver vjs at calcite.rhyolite.com
Tue Jun 12 07:32:45 PDT 2001


> From: "David P. Reed" <dpreed at reed.com>

> ...
> Indeed.  But then the IETF ought to spread the gospel to the folks who are 
> responsible for FTP and SMTP, for example.  These poor souls typically 
> believe that TCP provides a *reliable* stream, where the word reliable is 
> implicitly defined as *perfect*.

I don't know about FTP, but isn't the problem solved for SMTP as much
as it can be?  Sendmail has supported TLS since at least some version
of 8.11 and evidently it's not the only one.  See the "Interoperability"
section of http://www.sendmail.org/~ca/email/starttls.html

What is missing is key distribution, but in many cases that can be
handled.  This morning someone was telling me about using STARTTLS to
control and protect connections between sendmail and netscape as well
as to control SMTP relaying.  The IETF should put certificates for
this and all other mailing lists somewhere on http://www.ietf.org
(yes, and/or www.irtf.org as appropriate).  Or the IETF should run
its own CA and sign certificates for this and other lists.  The
importance of this is not to keep the kooks and others from corrupting
the contents but to set a good example for the hordes who believe
there is no defense against such as AOL's SMTP interception proxy,
including those who are installing interception proxies.

Obligatory rant:
    If PKI weren't 99.8% pure snake oil, you'd think somewhere on the
    web would be a place to fetch CA certificates.  You'd guess that
    the PKI vendors would spread their certificates all over the place.
    On the other hand, if the PKI is 99.8% pure snake oil, you'd expect
    the PKI vendors to want to force you to contact them and buy something
    to get their root certificates.


Vernon Schryver    vjs at rhyolite.com
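The "key distribution" point above is the whole ballgame for STARTTLS: a client can only tell a genuine MX from an interception proxy if it already holds the CA certificate the genuine server's certificate chains to. The following is an added illustration, not code from the original post or from sendmail: it builds a toy "list CA" with the openssl command-line tool, signs a certificate for a hypothetical MX host, and then shows that a certificate minted by an unrelated (proxy) CA for the same hostname is rejected exactly when, and only when, the client verifies against the list CA. The names (lists.example.org, "Example List CA", "Interception Proxy CA") are assumptions for the demo; nothing here is published by the IETF.

```shell
#!/bin/sh
# Added example (not from the original post): a throwaway CA built with
# the openssl CLI, used to show why a STARTTLS client must have the CA
# certificate in hand before it can reject an interception proxy.
# All names below are assumptions made up for this demo.
set -u

WORK="$(mktemp -d)"

# Build the (hypothetical) mailing-list CA and sign a cert for its MX host.
make_list_ca() {
    # Self-signed root for the list CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example List CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null || return 1
    # Key and CSR for the host that actually receives the list's mail.
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=lists.example.org" \
        -keyout "$WORK/mx.key" -out "$WORK/mx.csr" 2>/dev/null || return 1
    # Sign the MX certificate with the list CA.
    openssl x509 -req -days 365 -in "$WORK/mx.csr" \
        -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/mx.pem" 2>/dev/null
}

# A second, unrelated CA standing in for whoever runs an interception proxy.
# The proxy can mint a certificate for the same hostname, but only under
# its own root.
make_proxy_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Interception Proxy CA" \
        -keyout "$WORK/proxy-ca.key" -out "$WORK/proxy-ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=lists.example.org" \
        -keyout "$WORK/fake.key" -out "$WORK/fake.csr" 2>/dev/null || return 1
    openssl x509 -req -days 365 -in "$WORK/fake.csr" \
        -CA "$WORK/proxy-ca.pem" -CAkey "$WORK/proxy-ca.key" -CAcreateserial \
        -out "$WORK/fake.pem" 2>/dev/null
}

# verify_against CAFILE CERT: exit 0 iff CERT chains to CAFILE.
# This is the check a STARTTLS client performs once it has the CA cert;
# without the CA cert there is nothing to check against.
verify_against() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Human-readable walkthrough; the functions above carry the actual results.
demo() {
    make_list_ca && make_proxy_ca || { echo "openssl failed" >&2; return 1; }
    verify_against "$WORK/ca.pem" "$WORK/mx.pem" \
        && echo "genuine MX cert:   OK against the list CA"
    verify_against "$WORK/ca.pem" "$WORK/fake.pem" \
        || echo "proxy-minted cert: REJECTED against the list CA"
    verify_against "$WORK/proxy-ca.pem" "$WORK/fake.pem" \
        && echo "proxy-minted cert: OK only if the client trusts the proxy CA"
}

demo
```

Run it as a plain sh script; it needs only the openssl binary and writes into a temporary directory. The third line of output is the uncomfortable part: a proxy whose root has been pushed into the client's trust store passes the same check, so publishing the genuine CA certificate somewhere the clients can fetch it (the point the post makes about www.ietf.org) is what gives the check any teeth.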
