[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Connectivity Issues for a ODMR Server
I know that this is months too late for the Final Call (and the RFC
has already been published) but I just found out about it and had
some thoughts that I would have raised at Final Call time so here
goes anyway (for any good it can do if there is any attempt to revise
Recently I have seen RFCs and other suggestions that under the guise
of trying to control SPAM and/or BLOCK RELAYING suggest that ISPs
enact procedures that amount to denying their users access to the
services that the user has paid and contracting for. In particular is
the blocking of access to the SMTP Port (so a user can not send
EMAIL) when the user is currently attempting to establish the
connection from a location that is not on the ISP's WAN (ie: not from
a Dial-Up Gateway port or a Direct Connection to the ISP's Network).
IMO, the ISP should provide some means to accept a connection from
such users no matter where their current connection is established.
The restrictions in section 8 of the RFC, again IMO, amount to more
of the same approval of denial of service on the part of the ISP
based ONLY on where the user is connecting from.
Now that THAT is off my chest <g>, I will comment and explain my
reasoning on this issue.
If someone attempts to connect to a POP Server and provides a valid
USERID and PASSWORD they are permitted to download all Email in the
mailbox that is owned by that UserID (ie: Knowledge of the
UserID/Password combination is regarded as adequate "proof of
identity" to permit this process).
An ESMTP Server (connected per section 8) to ISPa's Network who in
response to the AUTH challenge prompt from ISPa's ODMR Server
provides the correct response, will be allowed to ATRN the connection
and receive queued EMAIL (ie: In this case, again the correct
response is regarded as adequate "proof of identity" to permit the
process to occur).
I see no reason why the ODMR process should be more restrictive than
the POP Process - especially since the POP Process allows plain text
passwords and does not require a secure challenge/response like
Kerberos or APOP [what are optional for POP Logon] while ODMR
requires the use of AUTH [which is a secure transmission of the