RE: one more time: agreeing on the basic goal of MASS

  >  say that my goal for this service is to provide a mechanism for the
  >  domain of a message author to provide an assertion that they authorized
  >  the sending of a specific message.
...
  it occurs to me that the precise meaning of your statement might actually
  go farther than we want, since it implies per-message assessment by the
  domain owner.


I should explain where my concern about "per-message assessment" came from:
The reference to "a specific message" means that each message is authorized.
The problem word is "specific".  For per-message authorization to mean
anything, it has to imply per-message assessment.

So I suggest that the language should be modified a bit:

        A validated MASS signature means that the domain listed in the 
RFC2822.Sender(*) 
        header has authorized the sender to post messages under its domain.  
The domain 
        is accountable for mail that it validates.

        (*)The RFC2822.From header serves the role of the Sender specification, 
when the
            RFC2922.Sender header is not present.


On 23 Nov 2004 06:13:16 -0000, John Levine wrote:

  I find it helpful to remind people that the result of any
  authentication scheme is only that you know who to blame for the
  message, not whether a message is spam,


Exactly.  And that's what I mean by the accountable, above.



On Mon, 22 Nov 2004 17:13:21 -0800 (PST), 
ned(_dot_)freed(_at_)mrochek(_dot_)com wrote:

  >         The authentication process is intended to produce input to the
  > receive-side filtering process.  This may take place at any authorized 
agent
  > working on behalf of the recipient.  However it need not include the MUA.

  Bingo. If allowing this sort of thing is all we accomplish, we will actually
  have accomplished quite a bit.


yup.

 Since the communication of the
  authentication result may be secured in a variety of ways, including simply
  passing the information across an internal link, it was deemed to be
  insufficiently secure.


There has been quite a bit of focus on displaying the validation result to the 
recipient user.  My intent in stating that the filtering engine is the target 
is that we view end-user display as an entirely secondary issue.  Yes, it is 
nice to do, but no, it is not any more essential that showing any of the other 
filtering engine data results.


d/
--
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker  a t ...
www.brandenburg.com

<Prev in Thread]	Current Thread	[Next in Thread>
RE: one more time: agreeing on the basic goal of MASS, Robert Barclay RE: one more time: agreeing on the basic goal of MASS, Dave Crocker RE: one more time: agreeing on the basic goal of MASS, Douglas Otis RE: one more time: agreeing on the basic goal of MASS, Dave Crocker RE: one more time: agreeing on the basic goal of MASS, ned . freed Re: one more time: agreeing on the basic goal of MASS, Jim Fenton Re: one more time: agreeing on the basic goal of MASS, Robert Barclay Re: one more time: agreeing on the basic goal of MASS, John Levine Re: one more time: agreeing on the basic goal of MASS, Douglas Otis Re: one more time: agreeing on the basic goal of MASS, Jim Fenton RE: one more time: agreeing on the basic goal of MASS, Dave Crocker <= RE: one more time: agreeing on the basic goal of MASS, Hallam-Baker, Phillip RE: one more time: agreeing on the basic goal of MASS, Robert Barclay

Previous by Date:	Re: problems IIM dns specification, william(at)elan.net
Next by Date:	Re: Web pages for MASS effort, Dave Crocker
Previous by Thread:	Re: one more time: agreeing on the basic goal of MASS, Jim Fenton
Next by Thread:	RE: one more time: agreeing on the basic goal of MASS, Hallam-Baker, Phillip
Indexes:	[Date] [Thread] [Top] [All Lists]