At 05:23 PM 10/16/2004 -0500, Seth Goodman wrote:
From: Michael Thomas
Sent: Saturday, October 16, 2004 4:12 PM
<...>
Thus, I fundamentally think that starting from identity and
working out from there is a good way to lose sight of what
the original problem was. Afterall, the original problem
wasn't "can I name something", but instead, "who's allowed
to do this/use this/assert this and how can I enforce
that in a way that affords me more control in reality
than I have today?".
Strongly agree. We could try to answer the question, "is the author of this
message who they claim to be", and get tangled up in the considerable
difficulties of answering that. Considering how the net is organized and
how email is actually used today, a more useful question is, "has the domain
owner authorized the originator of the message to use a given identity at
that domain". This is a much easier question to answer and for the great
majority of cases, is good enough for the purposes of normal email. For the
handful of cases where more specific assertions of identity must be made and
verified, there are existing solutions, though more cumbersome, to
accomplish that.
I would go even further than "...for the great majority of cases, is good
enough...". I believe it to be the right question to ask for purposes of
authorizing email, unless one wants to interfere with current use cases
desiring (relative) anonymity.
-Jim