ietf-mxcomp

Re: Authentication and Authorization

2004-03-11 20:45:09


I think that Hadmut is moving us in the right direction, but I continue
to urge us to be more precise:

Good.

Identity         Sending MTA's IP address

This means the peer, SMTP client, right?


Authentication   Verifying the Identity (TCP sequence numbers)

Authorization    Domain owner's statement

Which domain?

(It is ok if the answer is something like "it depends upon which proposal is
being considered" but, again, I think we need to be clear about our
ambiguities/variables.)

For example, I suspect that the definition, for this level of
discussion, needs to be something like "the owner of a domain that is
obtained from some portion of an SMTP transaction."

Seems like a reasonable way to describe it to me. It is an important point
since it puts out of scope schemes that involve a separate step to get or
create identity information.

Policy           Receiving MTA's way to treat messages with or
                 without Signature, LMAP authorization, or from
                 domains without LMAP record, or DNS server down

Most discussions have described a policy as guidance, from the domain
owner and to the server SMTP, concerning the way the server should treat
messages...

That is, the policy comes from the domain owner; the server SMTP decides
whether to conform to it.

Right, although there might be some issues surrounding what "domain owner"
means. Not only do we have proposals that use different parts of the DNS in
different ways, there's the mundane but nevertheless real issue that
administrative control over a domain's email policies and administrative
control over a domain's DNS entries may not be the same.

" Is there IETF work that we should take on to develop a mechanism
" that allows an MTA to use a DNS-based record to signal to peer
" MTA's that it is authorized to send mail?

nfmc> Very good point.

For reference, I think this is the right scope and goal for an IETF
working group to tackle.

I agree.

However, as always, an agreement at a face-to-face meeting needs to be
confirmed online.

Agreed, and it is all the more important here since the meeting ran late and
the question didn't get posed until some people had left.

                                Ned