ietf-mxcomp
[Top] [All Lists]

Re: Authentication and Authorization

2004-03-13 11:15:56


----- Original Message ----- 
From: "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com>
To: "'Hadmut Danisch'" <hadmut(_at_)danisch(_dot_)de>; "Alan DeKok" 
<aland(_at_)ox(_dot_)org>
Cc: <ietf-mxcomp(_at_)imc(_dot_)org>
Sent: Saturday, March 13, 2004 12:42 PM
Subject: RE: Authentication and Authorization




Only if the authorization informations and the rules are given
by the same entity. Here the authorization information is given
by the domain owner, the rules are given by the receiving MTA owner.

How about we use the term 'Sender profile' for the information published
in the DNS?

This avoids all the unpleasant pre-commited uses of the term
authorization.

I personally prefer "policy," but no problem with profile.

But as my high school english teacher preached "Being specific is terrific!"

Why not use the following?

[insert specific LMAP proposal] Sender Profile

But in addition,  you might wish to consider taking into account the
possibilies for mixed profiles in transactions.

[insert specific LMAP proposal] Sender|Domain Profile

SPF domain profile
SPF sender profile

example:

ip: 172.176.112.164
helo acb070a4.ipt.aol.com
mail from: <ryohei(_at_)seznam(_dot_)cz>

The SPF Domain Profile for sezman.cz is different from the SPF Sender
Profile defined by aol.com. Respectively, one says softfail, the other says
neutral.   Who provails?

-- 
Hector Santos, Santronics Software, Inc.
http://www.santronics.com






<Prev in Thread] Current Thread [Next in Thread>