Strongly agree. We could try to answer the question, "is the author of this
message who they claim to be", and get tangled up in the considerable
difficulties of answering that. Considering how the net is organized and
how email is actually used today, a more useful question is, "has the domain
owner authorized the originator of the message to use a given identity at
that domain".
Well, since the domain allocates the namespace (i.e., issues subordinate
identities like user@domain.com), there's no question that the domain needs
to authorize the originator of a message to use a given identity in that
domain - I'm not sure who else could authorize that. I agree that this is a
separate matter from whether or not the author of a message is who they
claim to be... I similarly believe that there are many tangled threads to
that question which are best not tugged. An identity (a name like
user@domain.com) is not a message author (a human like Seth Goodman), and it
is basically a category error to suggest that it is meaningful to equate
them. Seth may be authorized to use all sorts of identities in all sorts of
domains.
That much said, if an originator can claim a given identity in a domain
without the authority of that domain, then they fall afoul of your "more
useful" constraint. This is what an impersonator does; the identity of a
message originator is only "falsified" when the domain has not allocated
that segment of their namespace in such a way that an originator is
authorized to use it. This is how I understand the threat of impersonation,
and why I think it is the primary threat we need to meet. I suppose I might
further add to your more useful constraint that the domain has to exist
(i.e., to be allocated to someone in the larger DNS namespace) in order for
anyone to be authorized to claim any name in that domain, but otherwise, I
think we're on the same footing.
Those sorts of nits aside, I think I furthermore agree with the substance of
your mail: that if there is a question in MASS that has not been addressed
before, it is how a messaging system can answer your second question above.
I also agree that using domain-based assertions rather than user-based
assertions is reasonable (it's what we decided to do for SIP, eventually). I
do think it is worth documenting and analyzing the varieties of more
specific assertions of identity as well, because, if nothing else, it
exposes elements of the problem space that help us to make design decisions.
Jon Peterson
NeuStar, Inc.
This is a much easier question to answer and for the great
majority of cases, is good enough for the purposes of normal email. For the
handful of cases where more specific assertions of identity must be made and
verified, there are existing solutions, though more cumbersome, to
accomplish that.
--
Seth Goodman