IMHO, people on this list have different ideas of authentication and where
to apply it. Therefore a lot of messages are speaking at cross purpose.
What I want from authentication, S/MIME, is to know 100% that an email
address is the real email address of the sender. NOT the identity of the
sender.
- I can then drop any message which is not authenticated (you have the right
to message anonymously, but I should have the right to decline to listen to
you)
- I will allow any message from my friends / business partners' mail domains
straight through, and get on with my life
- I might allow messages from authenticated strangers in trusted domains, to
see what you have to say, but if you abuse it,
then I can choose to filter them, or their entire domain.
As I said in my previous posting "[Asrg] Proven solution for authenticating
messages" - you don't need authentication software at the client end, move
it up to the ISP gateway and reduce the complexity of the problem. (In New
Zealand, we don't have 1000's of ISPs, probably not even 100s).
Regards, Mike Pearson
Personal: The views expressed are not necessarily those of my employer.
ph +64 (4) 495-6769 mobile +64 (21) 631-731
fax +64 (4) 495-6669
mailto:mike(_dot_)pearson(_at_)ssc(_dot_)govt(_dot_)nz
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg