Updated draft. MTA identification?
nisse at lysator.liu.se
15 Oct 2004 14:41:40 +0200
I've updated the draft now (see
trying to address the issues raised by Simon and during the meeting.

It now uses per-MTA keys. Then an important question is how an MTA is
identified. Ideally, all border-MTA-s belonging to the same
administrative domain should have the same identity (except perhaps
secondaries). It's not clear if a mail server that accepts mail for
multiple domains should have a single id, or one id per domain.
I tried to write this down in section 4.

Do we need new terminology for the things we identify? It's slightly
confusing to say "MTA" when we are talking about not a single mail
server, but a fuzzy group of them?

Other notable changes: Authentication means signing a challenge
string, of the same form as the hash cash challenges. Hash cash
challenges now use hmac-sha1, with the string to be searched for in the
key argument, in order to make the construction somewhat more
Most of the text on name-key semantics is deleted.