Slashdot Mirror

← Back to Stories (view on slashdot.org)

AMTP as an Alternative to SMTP

Posted by michael on from the bad-ideas dept.

SamMichaels writes "AMTP was published as an Internet Draft last week. It suggests using a 'Mail Policy Code' during the transaction to identify what kind of mail is being sent (administrative, personal, commercial, etc). Another plus is the use of TLS using x.509 certificates signed by a CA so you know exactly where the mail came from. Sounds like a solid plan...now to get a certificate signed for a decent price is the challenge."

2 of 328 comments (clear)

  1. Re:but...does it work? by Anonymous Coward · · Score: 5, Informative

    Simply put, it isn't.
    If you actually had red the draft, especially section 3 you would have seen that it is in essence smtp enhaced by tls:

    3. The AMTP Model

    Authenticated Mail Transfer Protocol (AMTP) is based upon Simple Mail
    Transfer Protocol (SMTP, [RFC2821]) and addresses the twin problems
    of authentication and codification. AMTP uses Transport Layer
    Security (TLS, [RFC2246]) to create an environment of trust between
    Mail Transfer Agents (MTAs) involved in a transaction. MTAs then
    exchange Mail Policy Codes (MPCs) to establish permission for mail
    delivery.

    AMTP inherits the specification of SMTP and builds upon it. This
    document specifies only the changes to SMTP and therefore implicitly
    incorporates the latest SMTP specification [RFC2821] except where
    indicated.

    So RTF!

  2. Re:Free Certificate by Shadowspawn · · Score: 5, Informative

    If you sign your own certificate, you don't have the level of trust as getting a cert from CACert.org.

    CACert works on a point system for the level of trust. You must provide proof of your identity to other people that vouch for you - either with legal documentation (depending on the country/legal jurisdiction that you reside in) or inherited trust from another CA - or even from PGP/GPG.

    CACert is currently working on getting its root certificate included with browser distributions, such as Mozilla.

    To vote, go here: http://bugzilla.mozilla.org/show_bug.cgi?id=215243

    If you need to register on Bugzilla first, go here: http://bugzilla.mozilla.org/createaccount.cgi

    Certificates can be created for businesses and persons, unlike from most (all?) other certificate providers.

    --
    It's always darkest before ... daylight savings time.