nanog mailing list archives

Re: Remote email access
From: Dave Crocker <dcrocker () brandenburg com>
Date: Wed, 5 Feb 2003 07:41:42 -0800


Michael,

Wednesday, February 5, 2003, 1:04:08 AM, you wrote:
MDrc> What would be the point? Well, if my MTA receives a connection on port 25
MDrc> I could look up the source IP address in the LDAP directory to identify
MDrc> the owner. Since an LDAP directory can contain arbitrary information
MDrc> related to its entries, perhaps I could find out whether or not that
MDrc> source IP is registered as an SMTP server and also retrieve the abuse email
MDrc> address of the organization who has registered this address.

Other folks have responded to the financial, operations and "political" issues.
I'll offer some technical concerns:

1. LDAP has been around a long time and has shown no large-scale
(millions of users), cross-Internet, cross-administration utility yet.
Hence, making a design that has any near-term reliance on its
large-scale deployment is extremely risky.

2. We know that DNS performance is acceptable for real-time use in this
type of scenario, but we do not know that LDAP performance is.  Slow
servers have been an issue with cross-net email performance for many
years.  ESMTP was designed quite carefully to avoid adding even an extra
round-trip to the session, for just this reason.  Hence, the potential
impact of a cross-net LDAP query is very, very risky.

Please note the reference to "near-term". I started this thread because
there is an immediate user problem. I am looking for the simplest,
safest, quickest way to resolve it. That means using existing standards
and deployed solutions, rather than designing new ones. That is, the
task needs to be one of reducing choice, not adding to it. That is why I
suggested the vehicle of a BCP, rather than a new IETF working group.

d/
-- 
 Dave <mailto:dcrocker () brandenburg com>
 Brandenburg InternetWorking <http://www.brandenburg.com>
 t +1.408.246.8253; f +1.408.850.1850

