ietf-mxcomp

sender vs author, channel vs object, designated sender vs crypto signatures

2004-03-18 07:46:01

At the risk of reopening the terminology debate, I want to put a
question to the WG.

I will provisionally define "sender" as that entity which:
- injects the message into the mailstream,
- receives bounces, and
- is identified in the envelope MAIL FROM return path.

I will provisionally define "author" as that entity which:
- is responsible for the content of the message,
- appears to the receiver in most MUAs, and
- is identified in the header From:.

The dichotomy corresponds to the "Channel" vs "Object" concepts,
respectively, illustrated at page 5 of
http://icauce.org/proceedings/Dave_Crocker(panel).pdf

These definitions may not satisfy everyone but please accept the
dichotomy as a working definition so I can get to my question.

The question I want to ask is:

I believe that channel/sender authentication/accountability corresponds
naturally to designated sender methods, i.e. "this MTA is authorized to
originate mail with this envelope return-path."

I believe that object/author authentication/accountability corresponds
naturally to cryptographic signatures, i.e. "this message and its
associated headers including From/Sender/etc have been signed by this
key which is traceable to this persistent identity at this keyserver /
DNS record, etc".

In short, I believe that the solution domain of designated sender
schemes matches the problem domain of sender authentication, and that
the solution domain of cryptographic signatures matches the problem
domain of author authentication.

I would like to get a sense of whether my belief is generally shared by
this WG.

(As a matter of process I think WGs would be tremendously helped by a
simple online polling type function as long as there is some protection
from ballot-stuffing.  But I don't want this thread to be about "what is
rough consensus" --- please focus on the first question about the match
between problem and solution domains :)
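
The sender/author split defined in the message above, as an added example that is not part of the original post: a receiver-side check that pulls both identities out of one delivery and applies a designated-sender test to the envelope return-path only. The addresses, client IP and the DESIGNATED table (a stand-in for a DNS-published record) are constructed, and all function names are hypothetical.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed designated-sender table: envelope domain -> networks allowed to
# originate mail with that return-path (assumption: stands in for a DNS record).
DESIGNATED = {"lists.example.org": ["192.0.2.0/24"]}

# Constructed delivery as seen by the receiving MTA.
CLIENT_IP = "192.0.2.25"
SMTP_LINES = ["MAIL FROM:<bounces@lists.example.org>", "RCPT TO:<user@example.net>"]
MESSAGE = (
    "From: Alice <alice@example.com>\r\n"
    "Sender: owner@lists.example.org\r\n"
    "Subject: hello\r\n"
    "\r\n"
    "body\r\n"
)

def envelope_sender(smtp_lines):
    """Return the MAIL FROM return-path: the 'sender' (channel) identity."""
    for line in smtp_lines:
        if line.upper().startswith("MAIL FROM:"):
            return parseaddr(line[len("MAIL FROM:"):].strip())[1]
    return ""

def header_author(raw_message):
    """Return the header From: address: the 'author' (object) identity."""
    return parseaddr(message_from_string(raw_message)["From"] or "")[1]

def designated_sender_ok(client_ip, return_path, table=DESIGNATED):
    """Channel check: may this client originate mail for the return-path domain?"""
    domain = return_path.rpartition("@")[2].lower()
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(net) for net in table.get(domain, []))

def classify(client_ip, smtp_lines, raw_message):
    """Report both identities and what the channel check did and did not cover."""
    sender = envelope_sender(smtp_lines)
    author = header_author(raw_message)
    return {
        "sender": sender,
        "author": author,
        "sender_authorized": designated_sender_ok(client_ip, sender),
        # The channel check never reads From:, so a differing author domain
        # is left unauthenticated by it; that is the job of an object signature.
        "author_domain_matches_sender":
            sender.rpartition("@")[2].lower() == author.rpartition("@")[2].lower(),
    }

if __name__ == "__main__":
    print(classify(CLIENT_IP, SMTP_LINES, MESSAGE))
```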