[69511] in North American Network Operators' Group


Re: Lazy network operators

daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Tue Apr 13 20:37:45 2004

From: "Steven M. Bellovin" <smb@research.att.com>
To: John Curran <jcurran@istaff.org>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Tue, 13 Apr 2004 19:56:55 EDT."
             <p06020407bca227be1be3@[192.168.1.101]> 
Date: Tue, 13 Apr 2004 20:36:44 -0400
Errors-To: owner-nanog-outgoing@merit.edu


In message <p06020407bca227be1be3@[192.168.1.101]>, John Curran writes:
>
>The reality is that the vast majority of email is handed off to a designated
>mail relay (whether we're talking about consumer connections or office
>environments), and if we actually configured connectivity in this matter,
>there wouldn't be a problem.
>

John, the problem is deciding who is an *authorized* email sender.  For 
example, I own a machine in a random rack -- can it send email?  The 
way I operate, it sometimes needs to -- I often set up tunnels to it 
from my laptop and from other machines in "banned" address ranges, and 
let it send my email.  For that matter, it hosts several IETF and 
personal mailing lists.  

Now assume that someone in some strange and wondrous part of the world 
has a similar need.  Are they authorized?  According to whom?

There have been a lot of authentication-based and filter-based schemes 
proposed, but I've yet to see a scheme that solves the authorization 
problem satisfactorily.  Not everyone wants to (or is able to) entrust 
their email to a Tier 1 ISP; if nothing else, the Tier 1s would 
charge for the privilege.

		--Steve Bellovin, http://www.research.att.com/~smb


