ietf-mxcomp
[Top] [All Lists]

Re: Authentication and Authorization

2004-03-11 13:13:29

Hadmut Danisch <hadmut(_at_)danisch(_dot_)de> wrote:
I believe here is some confusion about the term "authorization". 
RMX and similar records are authorization statements. Why shouldn't
they be? 

Policy is the wrong term here. A policy would be to reject all
messages which fail the LMAP/RMX/... check, i.e. how to treat messages
which failed the authorization check.

  The domain publishing LMAP information is publishing a policy: Who
is authorized to use it's name.  The MTA receiving an SMTP connection
may choose to enforce that policy.  That enforcement is called
authorization.

  Alan DeKok.