5/03/2013

Doubts on Direct Project


Limitation of Current Direct Project

1. The WS of Direct Project has no access restriction. Anyone can retrieve a private cert without authentication if the private cert is stored through the WS in the WS server's local DB.

2. If LDAP is used as the certificate store, the LDAP server needs to be maintained separately; the Direct Project UI can only manipulate data stored in its own local DB.

3. If LDAP is used as the private certificate store, the connection parameters and search parameters need to be configured in the WS UI, but the password is stored and displayed as plain text.

4. A single James server has limitations with multi-domain configuration when the domains do not trust each other by default. That is, multiple domains are not supported on a single James server when these domains do not trust each other.

Reason: In James's configuration, you have to configure local mail (sender and recipients all local) for local delivery. Otherwise, if all messages are configured to go through the Secure Mailet, a local message will not get decrypted before its delivery; the existing matchers do not support this kind of action. So if multiple domains exist on one James server, all of these domains are considered local and mail between them will not go through trust validation. But if these domains do not trust each other by default, this implementation will not meet the requirement.
Also, in this case, if trust is based on the user, then the local users also have to trust each other by default. This limitation is really not good.

So if we want to fully realize trust based on user or domain, we have to write new matchers and adjust the validation process that is configured in James.
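The routing gap described in item 4, as an added example that is not code from Direct Project or James: a small Python model comparing the "all hosted domains are local" rule with a hypothetical per-recipient matcher. The domains, the trust list and all function names are constructed for illustration, and the model covers only the routing decision, not encryption or decryption.

```python
HOSTED = {"clinic-a.example", "clinic-b.example"}  # constructed: two domains on one server
# Constructed trust list: (recipient side, sender side) pairs with trust set up.
TRUST = {("clinic-b.example", "partner.example")}

def domain(addr):
    return addr.rsplit("@", 1)[1].lower()

def route_all_local(sender, recipients):
    """Behaviour described in the post: when the sender and all recipients are
    on hosted domains, the message is delivered locally with no trust check."""
    everyone_hosted = all(domain(a) in HOSTED for a in [sender, *recipients])
    out = {"local_delivery": [], "trust_validation": []}
    out["local_delivery" if everyone_hosted else "trust_validation"] = list(recipients)
    return out

def route_per_recipient(sender, recipients, by_user=False):
    """Hypothetical stricter matcher: recipients are split individually. Only a
    recipient in the sender's own hosted domain skips the check, and with
    user-level trust (by_user=True) nobody skips it."""
    out = {"local_delivery": [], "trust_validation": []}
    for rcpt in recipients:
        same_domain = domain(rcpt) == domain(sender) and domain(rcpt) in HOSTED
        key = "local_delivery" if same_domain and not by_user else "trust_validation"
        out[key].append(rcpt)
    return out

def is_trusted(sender, rcpt, by_user=False):
    """Trust decision for one pair, at domain or user granularity."""
    if by_user:
        pair = (rcpt.lower(), sender.lower())
    else:
        pair = (domain(rcpt), domain(sender))
    return pair in TRUST

if __name__ == "__main__":
    sender = "alice@clinic-a.example"
    rcpts = ["bob@clinic-b.example", "carol@clinic-a.example"]
    print(route_all_local(sender, rcpts))   # both recipients bypass trust validation
    split = route_per_recipient(sender, rcpts)
    print(split)                            # bob is now sent to trust validation
    print([r for r in split["trust_validation"] if not is_trusted(sender, r)])
```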

5. Load balancing of the email server needs to be considered.

There are two ways to apply load balancing to a mail server: one is to use DNS MX records, and the other is to use a separate load-balancing server. But I did not find documentation on this part for Direct Project. Personally I'm not an expert on this and need to do more research.

Just keep in mind that it is a Reference Implementation.

We need to develop the Direct Project ourselves, with the reference implementation as a guideline.
