nanog mailing list archives

Re: Massive change in Public Cert behaviour coming soon


From: Grant Taylor via NANOG <nanog () lists nanog org>
Date: Sun, 18 May 2025 13:29:59 -0500

On 5/18/25 12:14 PM, Tom Beecher via NANOG wrote:
> "I am FOO." = Identification
>
> "This is proof I am FOO" = Authentication

Okay.  I think that's a fair distinction.

Based on these meanings, I think that most contemporary MTAs use some form of (weak) authenticated identity. The most common that I see is reverse DNS with forward DNS confirmation. A less common form of (client) authentication is username & password.

N.B. Only less common in that there are more MTA-to-MTA connections than there are MUA-to-MTA connections. -- I'm eliding illegitimate connections like credential stuffing attacks.

I haven't seen a properly configured Internet accessible MTA not do any form of authentication in many years. More like multiple decades at this point.

So I posit that Brent's "SMTP do not authenticate" statement is outdated at best.

What is done with that authenticated identity is downstream of, and independent from, the authentication process itself.

 - Maybe it's not used.
 - Maybe it's only used for logging (Received: header and / or SYSLOG).
 - Maybe it's used to alter what the client is allowed to do.



--
Grant. . . .
_______________________________________________
NANOG mailing list https://lists.nanog.org/archives/list/nanog () lists nanog org/message/HTGJVDAV7JMKZ27VABCRP5PBKBT4WQ3N/
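The "reverse DNS with forward DNS confirmation" check described in the post above, as an added example that is not code from the original message or from any MTA; the PTR and address lookups are injected callables backed by a constructed zone table so it runs offline (a real deployment would wrap an actual resolver with the same two callables), and the `classify` policy function is a hypothetical stand-in for the downstream decisions the post lists.

```python
# Forward-confirmed reverse DNS (FCrDNS) check for an SMTP client address.
# Added example, not from the original post. Lookups are injected so the
# check runs offline against constructed data; swap in a real resolver for use.
import ipaddress
from typing import Callable, Iterable, Optional

PtrLookup = Callable[[str], Iterable[str]]   # ip -> PTR names
AddrLookup = Callable[[str], Iterable[str]]  # name -> A/AAAA addresses


def fcrdns(client_ip: str, ptr: PtrLookup, addr: AddrLookup) -> Optional[str]:
    """Return the first PTR name whose forward record confirms client_ip, else None.

    A bare PTR answer proves nothing: whoever controls the reverse zone can
    put any name there. Requiring the forward lookup of that name to map back
    to the same address is what makes this a (weak) authenticated identity:
    the connecting party must control both the reverse and the forward zone.
    """
    ip = ipaddress.ip_address(client_ip)
    for name in ptr(client_ip):
        name = name.rstrip(".").lower()
        forward = {ipaddress.ip_address(a) for a in addr(name)}
        if ip in forward:
            return name
    return None


# Constructed zone data for the demonstration (documentation ranges, not real hosts).
_PTR = {
    "192.0.2.10": ["mx1.example.net."],    # forward record confirms -> pass
    "192.0.2.20": ["mail.example.org."],   # forward record points elsewhere -> fail
    "192.0.2.30": [],                      # no PTR at all -> fail
}
_ADDR = {
    "mx1.example.net": ["192.0.2.10"],
    "mail.example.org": ["198.51.100.5"],
}


def stub_ptr(ip: str) -> Iterable[str]:
    return _PTR.get(ip, [])


def stub_addr(name: str) -> Iterable[str]:
    return _ADDR.get(name, [])


def classify(client_ip: str) -> str:
    """Hypothetical downstream policy: what an MTA does with the (possibly absent) identity."""
    name = fcrdns(client_ip, stub_ptr, stub_addr)
    if name is None:
        return "unverified"        # e.g. log only, or restrict what the client may do
    return f"verified:{name}"      # e.g. record the confirmed name in the Received: header
```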

