1.1 --- a/thesis/tex/4-MasqmailsFuture.tex	Wed Jan 14 12:22:02 2009 +0100
     1.2 +++ b/thesis/tex/4-MasqmailsFuture.tex	Wed Jan 14 12:28:06 2009 +0100
     1.3 @@ -180,6 +180,7 @@
     1.4  \MTA{}s are critical points for computer security, as they are accessible from external networks. They must be secured with high effort. Properties like the need for high privilege level, from outside influenced work load, work on unsafe data, and demand for reliability, increase the need for security. This is best done by modularization, also called \name{compartementalization}, as described in section \ref{sec:discussion-mta-arch}. \masqmail\ needs to be secure enough for its target field of operation. \masqmail\ is targeted to workstations and private networks, with explicit warning to not use it on permanent online hosts \citeweb{masqmail:homepage2}. But as non-permanent online connections and trustable environments become rare, \masqmail's security should be so good, that it is usable with permanent online connections and in unsafe environments. For example should mails with bad content not break \masqmail.
     1.5  
     1.6  
     1.7 +
     1.8  \paragraph{\RG2: Reliability}
     1.9  Reliability is the second essential quality property for an \MTA. Mail for which the \MTA\ took responsibility must never get lost while it is within the \MTA{}s responsibility. The \MTA\ must not be \emph{the cause} of any mail loss, no matter what happens. Unreliable \mta{}s are of no value. However, as the mail transport infrastructure are distributed systems, one of the communication partners or the transport medium may crash at any time during mail tranfer. Thus reliability is needed for mail transfer communication too.
    1.10  
    1.11 @@ -304,7 +305,9 @@
    1.12  %Non-functional requirements are not so easy to be marked as fulfilled or not. Instead they are discussed here.
    1.13  
    1.14  \paragraph{\RG1: Security}
    1.15 -\masqmail's current security is bad. However, it seems acceptable for using \masqmail\ on workstations and private networks, if the environment is trustable and \masqmail\ is protected against remote attackers. In environments where untrusted components or persons have access to \masqmail, its security is too low. In any way, is a security report missing that confirms \masqmail's security level.
    1.16 +\masqmail's current security is bad. However, it seems acceptable for using \masqmail\ on workstations and private networks, if the environment is trustable and \masqmail\ is protected against remote attackers. In environments where untrusted components or persons have access to \masqmail, its security is too low.
    1.17 +Its author states it ``is not designed to'' such usage \citeweb{masqmail:homepage2}. This is a clear indicator for being careful. Issues like high memory consumption, low performance, and denial-of-service attacks---things not regarded by design---may cause serious problems. In any way, is a security report missing that confirms \masqmail's security level.
    1.18 +
    1.19  
    1.20  \paragraph{\RG2: Reliability}
    1.21  Similar is its reliability not good enough. Situations where only one part of sent message was removed from the queue, and the other part remained as garbage, showed off \citeweb{debian:bug245882}. Problems with large mail and small bandwidth were also reported \citeweb{debian:bug216226}. Fortunately, lost email was no big problem yet, but \person{Kurth} warns: