ietf-asrg
[Top] [All Lists]

Re: [Fwd: [Asrg] Re: Documents for LMAP BOF]

2004-02-09 08:46:33
Yakov Shafranovich <research(_at_)solidmatrix(_dot_)com> wrote:
Which brings us back to your original point - why do we want to 
authenticate identity?

  I would suggest that for most cases, we don't.

Identity of the incoming MTA or the sender by 
itself will be meaningeless unless combined with some form of a 
reputation system.

  We don't need a repudiation system if we have a live verification system.

As for stopping forgery, since this operates only on the SMTP Session 
level, it does not stop forgery of the mail content itself. Rather it 
autheticates the SMTP transaction which lets the network administrators 
complain to the originator. BUT, if the incoming IP is know, we know who 
the admin is anyway, so what's the point to tie it in with a domain.

  Are you sure we know wo the admin is?  Some ISP's delegate IP's, and
then disclaim responsibility when their users abuse the net.  Are we
to hold that ISP responsible?

  My opinion would be to say "yes".  Everyone who contributes to the
creation of a problem is partially responsible for it.  The fewer
people who contribute to creating problems, the fewer problems.

  Alan DeKok.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg