ietf-clear
[Top] [All Lists]

[ietf-clear] No callbacks, please, was Re. CLEAR Charter

2004-10-04 01:14:05
On Sun, 3 Oct 2004, James Couzens wrote:

SES is not written in stone, and there has been discussion relating to
permitting two different types of validation, both per user (which I
believe Tony Finch is after, and really is the right way to be doing it)
and per domain.

To expand on this, I am currently working on deploying a bounce address
authentication scheme at the University of Cambridge. I can't impose it
for both technical and political reasons. Technically, I do not have
control over all of the University's border email machines so I cannot
quietly slip an implementation in at that point of the system.
Politically, I work for a service organization without a monopoly and with
limited support resources; we can't force our users to change their
behaviour (to use SMTP AUTH etc.) even if it is for their own benefit.
Hence it must be optional, and we rely on the extra security and the
reduction in backscatter to encourage the users to change their setups.

Tony.
-- 
f.a.n.finch  <dot(_at_)dotat(_dot_)at>  http://dotat.at/
RATTRAY HEAD TO BERWICK ON TWEED: WEST OR NORTHWEST 4 INCREASING 6 THEN
BACKING SOUTH OR SOUTHWEST 6 OR 7. RAIN OR SHOWERS. MODERATE OR GOOD. MODERATE
OR ROUGH.