ietf-mxcomp
[Top] [All Lists]

authentication or authorization?

2004-03-11 04:48:01

On Wed, Mar 10, 2004 at 10:25:01PM -0600, wayne wrote:
| >
| > what is the identity that is authenticated?
| 
| Well, while I don't know of anyone who thinks that the MAIL FROM is
| the author, I do think there is a lot of misuse of the word
| "authentication" floating around in this area.
| 
| It is my opinion that the LMAP proposals do not authenticate
| anything.  They authorize stuff.  The use authenticated data, such as
| the IP address and DNS information in order to determine whether
| something is authorized, but they don't do any authentication
| themselves.
| 

I think the confusion between "authentication" and "authorization"
arises from perspective.

From the sender domain's point of view, the SMTP transaction is
authorized or unauthorized.

From the receiver's point of view, the sender is authenticated or
unauthenticated.

To the tall, the average man is short.

To the short, the average man is tall.

Therefore, mu.