
RE: [Asrg] Introduction and another idea

2003-06-20 09:10:37
Authentication tokens typically require special software
provisions on the part of both the sender and the recipient.
        You're new to the list and thus have probably missed some of the
earlier discussion. While authentication tokens *typically* require
software support at both sender and receiver, there is a class of them
that only requires software support on the receiver side. These are the
"single user" addresses. I might, for instance, create an address that
authorized you to send me mail. Such an address would look something
like: "bob+1092837@example.com". The "token" part of this address would
be a hash of your "From:" address. With such an address, you don't need
any software on your side to pass the token.

The whitelist I propose NEVER needs to be sent to anybody,
... only just the point where the filtering is done.
        Even if never sent to anyone, there is still a privacy concern
with whitelists since if they are explicit lists, they provide a single
list of all of your correspondents. In many cases, people will feel that
compiling such a list is a risk to their privacy since such a list would
be open to inspection by government agencies under some circumstances
and to employees of an ISP if the list is maintained remotely. Even if
only maintained on your personal machine, it could be embarrassing if
people with physical access to your machine could discover the full
universe of your correspondents.

        For more information on "single user" addresses or other
mechanisms to pass tokens with software support on only one side of the
exchange, see my comments in: 
https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg05395.html

                bob wyman


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
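
An added example, not part of the original message or of any code from the list: one way the receiver-only "single user" address described above could be issued and checked. It assumes HMAC-SHA256 keyed with a receiver-side secret in place of a plain hash, a 10-hex-digit truncation, and constructed addresses; since the token is recomputed at delivery time, no explicit list of correspondents is stored.

```python
import hashlib
import hmac
from email.utils import parseaddr

SECRET = b"constructed-demo-key"  # assumption: receiver-side secret, never sent
TOKEN_HEX_LEN = 10                # assumption: truncated tag length


def _normalize(addr):
    """Reduce a From: header value to a bare lower-case address."""
    return parseaddr(addr)[1].strip().lower()


def token_for(sender, secret=SECRET):
    """Keyed hash of the sender's address; only the receiver can compute it."""
    mac = hmac.new(secret, _normalize(sender).encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:TOKEN_HEX_LEN]


def issue_address(local, domain, sender, secret=SECRET):
    """Build the single-user address handed to one correspondent."""
    return f"{local}+{token_for(sender, secret)}@{domain}"


def accept(rcpt_to, from_header, secret=SECRET):
    """Receiver-side check: does the token in the recipient address
    match the address in this message's From: header?"""
    local_part, _, _domain = rcpt_to.rpartition("@")
    _user, plus, token = local_part.partition("+")
    sender = _normalize(from_header)
    if not plus or not token or not sender:
        return False  # untagged address or unparsable sender
    expected = token_for(sender, secret).encode("ascii")
    # Constant-time comparison on bytes; tolerates arbitrary token input.
    return hmac.compare_digest(token.lower().encode("utf-8"), expected)


if __name__ == "__main__":
    # Constructed sample addresses.
    addr = issue_address("bob", "example.com", "alice@example.org")
    print(addr)
    print(accept(addr, "Alice <Alice@Example.ORG>"))  # same sender
    print(accept(addr, "mallory@example.net"))        # different sender
```

The sender needs no software: they simply mail the address they were given, and the filter on the receiving side recomputes the token from the From: header.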