ietf-mxcomp
[Top] [All Lists]

Re: Identity consensus and working group direction

2004-04-29 18:59:38

On Thu, Apr 29, 2004 at 03:51:41PM -0700, Pete Resnick wrote:
| 3. Come up with some specific 2821 policy (or policies) defined in 
| that language.
| 4. Come up with some specific 2822 policy (or policies) defined in 
| that language.

From discussion in this working group, it appears that the bulk of the
complexity in verifying 2822 headers is in the algorithm that selects
the purported responsible domain.  Microsoft has done a lot of thinking
in this area already, the most recent fruit of which is Harry Katz's
modified header selection proposal.

Once we have chosen an address or addresses, we can apply the exact same
lookup algorithm that is used forthe 2821 headers.  The lookup is just a
function that takes (ip, email_address, ...) arguments.

So, on point 4, I suggest we define a policy for receivers to follow:
that policy should be a standard algorithm which has implications for
conformance, but it should not necessarily be defined in the sender-side
language.