In <1799694351(_dot_)20040310195905(_at_)brandenburg(_dot_)com> Dave Crocker
<dhc(_at_)dcrocker(_dot_)net> writes:
wayne,
w> I disagree. I know of none of the LMAP proposals that purport to
w> validate authorship. They talk about authorization and
w> authentication, but they don't try to pin down an author.
what is the identity that is authenticated?
Well, while I don't know of anyone who thinks that the MAIL FROM is
the author, I do think there is a lot of misuse of the word
"authentication" floating around in this area.
It is my opinion that the LMAP proposals do not authenticate
anything. They authorize stuff. The use authenticated data, such as
the IP address and DNS information in order to determine whether
something is authorized, but they don't do any authentication
themselves.
So, what is the identity that is authenticated? I say "mu". You are
asking a question that makes no sense.
Using the terms floated around here, I guess others might say the "MAIL
FROM address", the "HELO domain", etc.
what is its relationship to the message and/or the transmission of the
message?
Again, I can't answer this question because I don't think the LMAP
proposals are about creating an authenticated identity. They talk
about authorized usage.
-wayne