Re: TURN and disconnected SMTP with dynamic IP addresses
At 01:04 PM 9/30/97 -0700, Randall Gellens wrote:
>At 10:53 AM -0700 9/30/97, Paul Hoffman / IMC wrote:
>
>
>>First off, I think this discussion should be on ietf-disconn-smtp@xxxxxxx
>>only, not on DRUMS, since it doesn't have anything to do with 821 or 822:
>>it has to do with an extension.
>
>Makes sense to me. I would have removed drums from the cc list of this
>message, but I haven't received any messages on ietf-disconn-smtp for
>days, so I'm not sure where the problem is.
took drums off the cc for the reply...
>>Further, I think that the keys should be optional, so that current systems
>>that don't need them (those with believable fixed IP addresses) can
>>interoperate with this new system.
>
>First, I think it might help to have a way to tell a normal ETRN (which
>should use the DNS) from a dynamic ETRN (which would normally use the
>IP address that the client is presently on). I was thinking of either
>a new command (DTRN) or an optional parameter to ETRN:
>
>C: ETRN [192.168.15.2:8025] foobar.net
Why? This presents a security loophole. The keys should be there to allow
the site initiating the ETRN command to say that it wants extra verification
when the connection is made. As for a manner to determine permanent
nodes versus transient nodes, isn't that the responsibility of the server
side receiving the ETRN command? You do not want to allow anyone to use
the ETRN command to force mail to an arbitrary node. If you have a given
"switch" turned on on the server side, it will make a temporary entry into
a local table that any SMTP connections for foobar.net (using the above
example) should use the IP address of the connection, 192.168.15.2.
>To close the timing hole for the new connection, I see two ways to go:
>(1) have the ISP respond to ETRN with a key (a random number) that the
>customer returns in the EHLO response or the greeting when the new
>connection is opened:
>
>C: ETRN domain
>I: 250 [9876foo] OK
>...
>I: EHLO ISP.COM
>C: 250- ETRNID [9876foo]
>
>Or (2), require a new authentication for the new connection:
>
>C: AUTH CRAM-MD5
>I: <1896.697170952@xxxxxxx>
>C: foobar.net b913a602c7eda7a495b4e6e7334d3890
>I: 250 OK now authenticated as foobar.net
>C: ETRN [192.168.15.2] foobar.net
>I: 250 OK
>...
>I: AUTH CRAM-MD5
>C: <1896.697170683@xxxxxxxxxx>
>I: ISP.COM a872b304a4bcd3b587a2bcd938473849
>C: 250 OK ISP.COM now verified, please send me my mail
>
>The second authentication could use the same shared secret as the
>first, to make things simpler.
Simpler, but possible to crack easily. The key system is an optional
system that allows for any ETRN submission to trivially get an extra
level of certainty, mostly for dynamic IP address situations.
regards,
Jack
-------------------------------------------------
Jack De Winter - Wildbear Consulting, Inc.
(519) 884-4498 http://www.wildbear.on.ca/
Author of SLMail for 95 & NT (http://www.seattlelab.com/)
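
The following is an added example, not part of the original message or of any mail server's code. It sketches the server side of the key scheme discussed above: a temporary table entry created on ETRN that records the connection's IP address and a random key, which the customer must return on the new connection. The class name, method names, the 120-second lifetime and the sample values are assumptions made for illustration.

```python
import hmac
import secrets
import time


class EtrnKeyTable:
    """Temporary per-domain entries made when an ETRN is accepted (hypothetical)."""

    def __init__(self, served_domains, ttl_seconds=120):
        self.served = {d.lower() for d in served_domains}
        self.ttl = ttl_seconds
        self.entries = {}  # domain -> (peer_ip, key, expires_at)

    def issue(self, domain, peer_ip, now=None):
        """On 'ETRN domain': note the connection's IP and return a one-time key."""
        now = time.time() if now is None else now
        domain = domain.lower()
        if domain not in self.served:
            return None  # no entry for domains this server does not queue for
        key = secrets.token_hex(16)  # 128 bits from the OS CSPRNG
        self.entries[domain] = (peer_ip, key, now + self.ttl)
        return key

    def verify(self, domain, peer_ip, presented_key, now=None):
        """On the new connection: accept only the matching, unexpired key."""
        now = time.time() if now is None else now
        # pop() consumes the entry on the first attempt, right or wrong, so a
        # key cannot be replayed and cannot be guessed at repeatedly.
        entry = self.entries.pop(domain.lower(), None)
        if entry is None:
            return False
        ip, key, expires_at = entry
        if now > expires_at or peer_ip != ip:
            return False
        return hmac.compare_digest(key.encode(), presented_key.encode())


if __name__ == "__main__":
    table = EtrnKeyTable({"foobar.net"})          # constructed sample values
    key = table.issue("foobar.net", "192.168.15.2")
    print("I: 250 [%s] OK" % key)
    print("key accepted:", table.verify("foobar.net", "192.168.15.2", key))
```
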