ietf-mxcomp
[Top] [All Lists]

Re: authentication or authorization?

2004-03-11 12:09:10

Thats fine by me, but lets make sure we make the clear distinction that:

1) SMTP authentication provides a policy for senders (usually MUA or router)
to relay mail

2) LMAP authentication provides a "amonymous access" policy for senders to
send final destination mail only.

Unless I completely missed the boat,  LMAP authentication is not for
relaying mail.   Relaying managment is already addressed.

Hell, we "google" all the time now.   Maybe I just begin using "lmap"
exclusively as a new term in a new industry:

     "Got LMAP?"

    "The sender was lmapped as a legimate sender"

    "logs:  LMAP sender 1.2.3.4

    "We lmapped our system to control spam!"

    "You are not a LMAP system... that is why your mail was rejected."

<g>

-- 
Hector Santos, Santronics Software, Inc.
http://www.santronics.com





----- Original Message ----- 
From: "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com>
To: "'Hector Santos'" <hsantos(_at_)santronics(_dot_)com>; "Meng Weng Wong"
<mengwong(_at_)dumbo(_dot_)pobox(_dot_)com>; <ietf-mxcomp(_at_)imc(_dot_)org>
Sent: Thursday, March 11, 2004 1:43 PM
Subject: RE: authentication or authorization?



No, it is authentication.

Confusion with SMTP authentication is utterly irrelevant.

-----Original Message-----
From: owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org]On Behalf Of Hector 
Santos
Sent: Thursday, March 11, 2004 7:10 AM
To: Meng Weng Wong; ietf-mxcomp(_at_)imc(_dot_)org
Subject: Re: authentication or authorization?



I think we should get away from using "authentication" too.

SMTP authenticated sessions in the traditional SMTP sense
means "login" and
more importantly allows users or senders to relay mail.

LMAP "authenticated" sessions are not for relaying mail.  I
hope not!  :-)

I vote for  validated, permitted or even authorized sender.  But not
authenticated.

-- 
Hector Santos, Santronics Software, Inc.
http://www.santronics.com









----- Original Message ----- 
From: "Meng Weng Wong" <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com>
To: <ietf-mxcomp(_at_)imc(_dot_)org>
Sent: Thursday, March 11, 2004 6:47 AM
Subject: authentication or authorization?




I think the confusion between "authentication" and "authorization"
arises from perspective.

From the sender domain's point of view, the SMTP transaction is
authorized or unauthorized.

From the receiver's point of view, the sender is authenticated or
unauthenticated.

To the tall, the average man is short.

To the short, the average man is tall.

Therefore, mu.









<Prev in Thread] Current Thread [Next in Thread>