ietf-mxcomp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Authentication and Authorization

2004-03-11 13:37:31
from [Hector Santos] [Permanent Link] 


----- Original Message ----- 
From: "Dave Crocker" <dhc(_at_)dcrocker(_dot_)net>
To: "Edwin Aoki" <aoki(_at_)aol(_dot_)net>
Cc: <ietf-mxcomp(_at_)imc(_dot_)org>
Sent: Thursday, March 11, 2004 3:15 PM
Subject: Re: Authentication and Authorization




Hence we have an author and a poster, possibly the same and possibly
different. (The historical term for author is originator, but i frankly
think that author goes to the matter of content better.)


EA> * A machine at 1.2.3.4 is authorized to send mail
EA> * A machine at 1.2.3.4 is authorized to send mail on behalf of AOL

(aol.net)


and:

* A machine at 1.2.3.4 is authorized to send mail on behalf of the
"author".

* A machine at 1.2.3.4 is authorized to send mail on behalf of the
"poster".


Excuse if misunderstand you,

Are we discussing LMAP or are back to Anti-Spam Research 101?

This is not the proposal being discuss.  LMAP does not authorized "authors"
or "posters"

In my opinion, when technology is invented that "authorized" the author and
the targe receipient for that matter, then it really doesn't matter what IP
is used in the ideal world.   The assertion may become:

   A machine at 1.2.3.4 is [not] authorized to send "authorized authored
mail"

I believe that is what YDK attempts to address on behalf of the USER:

   A machine at 1.2.3.4 is [not] authorized to send YDK ready mail.

The question is, does it matter is the mail is secured?

Thats a rthorical question.   But I would like to get back to focusing on
LMAP either that or we stop playing games and just change SMTP to do the job
it should be doing in the first place.  After all, SendMail and YAHOO are
going to be change their SMTP servers with what seems to be an unfair
initial "exclusive" and "modified" SMTP systems before everyone else has it.
[Is the YDK specs out?]

As a side note:  LMAP is use one of five test suite of methods we use.  If
no decisions are made on the initial test performed,  the final test is a
CBV which finally attempts to "validate" the complete return address.

-- 
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Authentication and Authorization, Hector Santos
Next by Date:  RE: Authentication and Authorization, Hallam-Baker, Phillip
Previous by Thread:  Re: Authentication and Authorization, Dave Crocker
Next by Thread:  Re: Authentication and Authorization, Dave Crocker
Indexes:  [Date] [Thread] [Top] [All Lists]