Slashdot Mirror


AMTP as an Alternative to SMTP

SamMichaels writes "AMTP was published as an Internet Draft last week. It suggests using a 'Mail Policy Code' during the transaction to identify what kind of mail is being sent (administrative, personal, commercial, etc). Another plus is the use of TLS using x.509 certificates signed by a CA so you know exactly where the mail came from. Sounds like a solid plan...now to get a certificate signed for a decent price is the challenge."

6 of 328 comments

  1. Free Certificate by CountZero007 · · Score: 4, Informative

    Try http://www.cacert.org/ as a free Certificate Authority...

    --
    -- Shaun "Blessed are the geeks, for they shall Internet the earth"
    1. Re:Free Certificate by Shadowspawn · · Score: 5, Informative

      If you sign your own certificate, you don't have the same level of trust as getting a cert from CACert.org.

      CACert works on a point system for the level of trust. You must provide proof of your identity to other people that vouch for you - either with legal documentation (depending on the country/legal jurisdiction that you reside in) or inherited trust from another CA - or even from PGP/GPG.

      CACert is currently working on getting its root certificate included with browser distributions, such as Mozilla.

      To vote, go here: http://bugzilla.mozilla.org/show_bug.cgi?id=215243

      If you need to register on Bugzilla first, go here: http://bugzilla.mozilla.org/createaccount.cgi

      Certificates can be created for businesses and persons, unlike from most (all?) other certificate providers.

      --
      It's always darkest before ... daylight savings time.
  2. Re:but...does it work? by Anonymous Coward · · Score: 5, Informative

    Simply put, it isn't.
    If you had actually read the draft, especially section 3, you would have seen that it is in essence SMTP enhanced by TLS:

    3. The AMTP Model

    Authenticated Mail Transfer Protocol (AMTP) is based upon Simple Mail
    Transfer Protocol (SMTP, [RFC2821]) and addresses the twin problems
    of authentication and codification. AMTP uses Transport Layer
    Security (TLS, [RFC2246]) to create an environment of trust between
    Mail Transfer Agents (MTAs) involved in a transaction. MTAs then
    exchange Mail Policy Codes (MPCs) to establish permission for mail
    delivery.

    AMTP inherits the specification of SMTP and builds upon it. This
    document specifies only the changes to SMTP and therefore implicitly
    incorporates the latest SMTP specification [RFC2821] except where
    indicated.

    So RTF!

  3. Re:but...does it work? by geirt · · Score: 4, Informative
    njet wrote:
    > So why is this SO different from using TLS ?
    > Remember that smtp is still used and you have to be backward compatible....

    From the FAQ:
    Why not add this capability to SMTP as an option?

    This solution will only work if it is exclusive of existing practice. In order to solve the problem we must stop accepting traffic from non-trusted sources.

    So the difference is just that, it's not backward compatible ....

    --

    RFC1925
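
As an added illustration (not code from the thread or from the AMTP draft), the difference quoted from the FAQ above can be seen as a command gate on the receiving MTA: opportunistic STARTTLS still accepts mail from unauthenticated peers, while the exclusive model refuses it. The `Session`, `gate` and `replay` names, the 554 reply text and the sample transcripts are constructed for this example, and Mail Policy Codes are not modelled because their syntax is not shown on this page.

```python
from dataclasses import dataclass

# Commands a receiving MTA may answer before the peer is authenticated.
PRE_AUTH = {"EHLO", "HELO", "STARTTLS", "NOOP", "RSET", "QUIT"}

@dataclass
class Session:
    tls_active: bool = False          # STARTTLS handshake completed
    peer_cert_verified: bool = False  # TLS layer validated the client cert chain

def gate(session, line, exclusive):
    """Return a refusal reply for this command, or None if it may proceed.

    exclusive=False: opportunistic STARTTLS, legacy peers still accepted.
    exclusive=True:  mail only from TLS peers with a CA-verified certificate.
    """
    verb = line.strip().split(" ", 1)[0].upper()
    if not exclusive or verb in PRE_AUTH:
        return None
    if not session.tls_active:
        return "530 5.7.0 Must issue a STARTTLS command first"
    if not session.peer_cert_verified:
        return "554 5.7.1 Client certificate not trusted"  # constructed text
    return None

def replay(commands, exclusive, client_cert_trusted):
    """Run a transcript through the gate; return (command, outcome) pairs."""
    session, results = Session(), []
    for line in commands:
        refusal = gate(session, line, exclusive)
        if refusal is None and line.strip().upper() == "STARTTLS":
            # Assumption: the handshake result is supplied by the TLS library.
            session.tls_active = True
            session.peer_cert_verified = client_cert_trusted
        results.append((line, refusal or "ok"))
    return results

# Constructed transcripts (sender side only).
LEGACY = ["EHLO old.example", "MAIL FROM:<a@old.example>", "RCPT TO:<b@rcpt.example>"]
WITH_TLS = ["EHLO new.example", "STARTTLS", "EHLO new.example", "MAIL FROM:<a@new.example>"]

if __name__ == "__main__":
    for name, cmds, excl, trusted in [
        ("opportunistic, legacy peer", LEGACY, False, False),
        ("exclusive, legacy peer", LEGACY, True, False),
        ("exclusive, untrusted cert", WITH_TLS, True, False),
        ("exclusive, trusted cert", WITH_TLS, True, True),
    ]:
        print(name, replay(cmds, excl, trusted))
```
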
  4. Re:What about bankruptcies? by JKR · · Score: 4, Informative
    That's what revocation certs. are for. Any certificate/PKI system needs to be able to revoke certificates/keys.

    Jon.

  5. Re:how about charging for mail? by esj+at+harvee · · Score: 4, Informative

    The problem has already been considered and solved. The camram project uses a recipient-bound token as its "payment". There's no need for any central infrastructure, it can't be co-opted by any central organization, it hits spammers where it hurts (throughput of messages, economics) and it can't be forged.

    Take a look at the camram project; you'll find a practical, working implementation of sender-pays email today.

    http://www.camram.org and camram.sourceforge.net