[Asrg] POSTAGE, was The fundamental misconception about paying for mail

Paul Russell prussell at nd.edu
Wed Dec 3 05:55:59 PST 2008


On 12/3/2008 7:08 AM, John Levine wrote:
>>>> Why can't I buy one SSL cert and put it onto as many sites as I like?
>>> Because each site has a unique DNS entry.  I don't think a system that
>>> requires a DNS entry for every message you send would work very well.
>> I am straining to imagine why you would say this. Seriously. I'm
>> mildly boggled. So forgive me if my response misses your point:
> 
> Uh, Barry, that's how SSL certs on web sites work.  Every web site has
> a DNS entry, the name in the cert has to match the name in the DNS
> that a www client uses to find the site.  

You need one cert for each web host, not one cert for each page on the web host.
If a single box answers to multiple hostnames, it needs a cert for each name to
which it responds; it does not need a separate cert for each page on each
virtual host.  You can buy multiple copies of a single SSL cert so that you can
legally put the same cert on multiple boxes.

Go back to the analogy of the postage meter.  When you buy/rent a postage meter,
the meter is assigned a unique ID number which is printed on each envelope
processed through the meter.  The ID number is unique to the meter, not to each
envelope; the epostage signature would be unique to the epostage cert purchased
by the sending domain, not to each message sent from the domain.  Presumably, a
site could purchase multiple copies of a single epostage cert, so that messages
from multiple MTAs would carry the same epostage signature.

I see some conceptual similarities between this epostage proposal and DKIM.

-- 
Paul Russell, Senior Systems Administrator
OIT Messaging Services Team
University of Notre Dame
prussell at nd.edu

