networkimprov
commented
3 years ago Brian, thanks so much for taking the time to write. You make a very good point; TMTP is under-documented. Your list of Q's about architecture is great!
I concentrated on producing evaluation-ready code and end-user docs (included in the client) instead of architecture docs, since I guessed working code would impress the most people. I'll add a couple paragraphs to the protocol doc to summarize the architecture. But I think what you're suggesting is a whitepaper, and I agree it's necessary; the question is how urgent is it, and how much work. (I'm currently wrestling with the puzzle of generating publicity for a new open source project!)
I'll post my draft for the architecture summary here for your feedback before adding it.
To address one of your key questions, TMTP isn't federated like SMTP or Matrix. A client connects directly (via TLS) to each server where the user might have messages waiting (like HTTP). That means a separate identity at each service. To make contact with someone outside your normal circles (e.g. work, school, interests/hobbies) you'd use a professional organization (e.g. the AMA for doctors) or a marketplace site which verifies members' real-life identities.
If you're interested to try mnm, I'd be happy to provide sign-up info for the test server. Cheers!
candlerb
Russtopia
(This is in response to a request for feedback on golang-nuts)
Proposals to replace SMTP are not new. I am old enough to remember a proposal called IM2000 by no less than the legendary Daniel J. Bernstein[^1] (expanded by others). You can Google for the details, but in short, it didn't go anywhere. One repudiation which is still online is here.
For this new proposal, what I'd really like to see is a proper architectural description, not just a bits-and-bytes protocol. Who are the participants? What roles do they take? How do intermittently-connected nodes participate, and nodes with dynamic IPs? What's the lifecycle of a message? How are messages routed? Is the DNS involved, and if so, how? Are messages relayed via multiple nodes? What are the trust relationships? Then it becomes possible to see what the tradeoffs are between this and SMTP - what problems it solves, which ones it doesn't, and what new ones it generates.
The protocol description talks about "clients" and "servers", and that a client must "login or register" to a server, but that's all. Within your own domain of trust, that's clearly fine. What about a server in my organization contacting a server in your organization? How are those relationships set up - manually?? Is there an N^2 full mesh, or do some nodes act as transit nodes, or something else? Or is the proposal implying that every client has to register directly with every server that hosts one of their contacts?! None of this is clear.
In short, how is it proposed that this will work on the Internet at large, for messaging outside your own organization? What's the sequence of events which permits user X at organization A to send a message to user Y at organization B? Nobody wants a new private messaging system[^2].
Currently the only architectural documentation I can find is a list of goals. For example, one of those goals is "Messaging services must be able to control how members identify themselves to other members and prevent members from impersonating others." However I cannot find anywhere that describes how this new mail architecture and protocol proposes to achieve this goal.
Some of the other stated goals are clearly achievable within the current SMTP/IMAP architecture. For example: "Every organization, whether tiny or enormous, needs a members-only messaging service that cannot receive traffic from external or unapproved senders." You can easily configure a mail server that accepts SMTP submissions on port 587 from authenticated clients only, and does not accept incoming mail on port 25. Job done.
MNM also seems to propose writing new E-mail clients from scratch to work with this protocol. It seems to me it would be simpler to support existing IMAP and SMTP-submission protocols, and then you could point any existing client at it. However this is just speculation on my behalf, without knowing what the proposed architecture is for nodes communicating using TMTP.
I'm sorry if this comes across as negative. Maybe from the inside, it's "obvious" to you what the architecture is - but for me, it's not. If you want this proposal to have traction, then I believe that explaining the architecture is a necessary step.
The equivalent for SMTP is RFC2821 sections 2.1, 2.3, 2.4, 3.6-3.8, 5 and 6.
[^1] Best known as a cryptographer and mathematician, but also the author of qmail and ezmlm, so he certainly groks how E-mail works.
[^2] xkcd: 927, 1810, 2365.