Use the IP address as information to verify identity, but
don't use it as an
identity or as part of an identity.
I'm afraid I still don't understand your point. Why would
the user see it?
With people asking for the IP address to be considerd as an identity, it sure
sounded like they wanted users to see it. An IP address is not an identity
in and of itself, and I don't want to see it considered as an identity in and
of itself.
Even an MTA should not see the IP address as an identity in and of itself,
but it can use it to verify one of the identities Marshall pointed to.
Phillip and others who believe in cryptographic verification will say that
there are other items to verify identity with. A digital certificate isn't
an identity in and of itself but it can be used to verify one's identity.
Passports, calling cards, birth certificates, social security and social
insurance numbers[2], etc are not identities but are used to verify an
identity[1].
Am I misunderstanding your use of the term "user"? I'm taking it to
mean "end-user" and "person sending or receiving email" in
your response.
Yeah, I'm referring to that.
[1] This is one reason why telephone analogies don't work well. Many people
can and do identify other people with telephone numbers, especially toll free
numbers (1 800 ABCDEFG anyone?)
[2] Yeah I know using one's SSN or SIN for verifying identity is normally a
BAD idea.
--
PGP key (0x0AFA039E):
<http://www.pan-am.ca/consulting(_at_)pan-am(_dot_)ca(_dot_)asc>
What's a PGP Key? See <http://www.pan-am.ca/free.html>
GOD BLESS AMER, er, THE INTERNET. <http://vmyths.com/rant.cfm?id=401&page=4>