Edwin,
Thank you for pursuing a case analysis of terminology and assertions. I
believe we really do need to become very precise and consistent in the
terms we are using. This gets cumbersome, but the alternative vagueness
that we suffer from is worse.
I've put quotation marks around suggested terms, just to make them
clear.
Let me suggest a few modifications:
EA> * I, Edwin Aoki, authored (created) this message
EA> * I, Edwin Aoki, sent (caused to be injected into the mail stream) this
EA> message
I believe that the recent history of using the word "sender" in for so
many different roles renders it useful as a precise label. Further, the
historical term for the injection event is "post".
Hence we have an author and a poster, possibly the same and possibly
different. (The historical term for author is originator, but i frankly
think that author goes to the matter of content better.)
EA> * A machine at 1.2.3.4 is authorized to send mail
EA> * A machine at 1.2.3.4 is authorized to send mail on behalf of AOL (aol.net)
and:
* A machine at 1.2.3.4 is authorized to send mail on behalf of the
"author".
* A machine at 1.2.3.4 is authorized to send mail on behalf of the
"poster".
EA> And at the receiver, I can use the information asserted by the sender to
EA> make assertions such as:
EA> * I can verify that Edwin Aoki authored this message (or not)
EA> * The MTA from which my MTA received this message is listed as being
EA> allowed to send mail (or not)
-> allowed to operate a "client SMTP".
EA> * The MTA from which my MTA received this message is listed as being
EA> allowed to send mail on behalf of the domain listed in the message (or not).
-> allowed to operate a "client SMTP" on behalf of the domain listed in
the right-hand-side of the "RFC2822 From" field.
and
-> allowed to operate a client SMTP on behalf of the domain listed in
the right-hand-side of the "RFC2822 Sender" field.
EA> I think one of the things that hangs us up is the notion that
EA> authorization is built into any of these proposals. They aren't.
the phrase "allowed to operate" is denotationally a matter of
authorization.
EA> But also note that there are
EA> two different "senders" here. The individual who created the message
EA> (author) and the MTA from which any given MTA receives a message.
yes!
d/
--
Dave Crocker <dcrocker-at-brandenburg-dot-com>
Brandenburg InternetWorking <www.brandenburg.com>
Sunnyvale, CA USA <tel:+1.408.246.8253>