Exactly, authentication is about who you are
...
But many people use "identity" for the e-mail address.
So my question was whether he was talking about the IP address
or the e-mail address when talking about "identity".
I believe we're talking about the e-mail address when we talk about identity.
It's the most visible and identifiable item. The existing proposals use
records in a de-centralized database to verify a portion or all of this
identity. We happen to use the message envelope's e-mail address (MAIL FROM)
so we have a chance to refuse the message without receiving all of it.
The records themselves can reference IP addresses, MAC addresses,
certificates, phone numbers or anything else that could be stored in the
database. It just happens the IP address is one of the most readily
available bits of information to reference. There are others.
As for using DNS vs other databases, I just think if DNS is already being
used (if we look at a database server by name, we're using DNS) we should
bypass the middleman and save some bandwidth. Other databases could work,
ie: LDAP, and still be de-centralized (each domain running their own LDAP
server - and many do even if they don't know it). There's another whole
argument over how vulnerabilities in DNS could affect any other database
system referenced by name just as easily as DNS itself, but that's not in
scope here.
--
PGP key (0x0AFA039E):
<http://www.pan-am.ca/consulting(_at_)pan-am(_dot_)ca(_dot_)asc>
What's a PGP Key? See <http://www.pan-am.ca/free.html>
GOD BLESS AMER, er, THE INTERNET. <http://vmyths.com/rant.cfm?id=401&page=4>