ietf-mxcomp

Re: Caller-ID group is hiring!

2004-04-30 04:37:35

On 4/29/04 9:13 PM, "Dave Crocker" <dhc(_at_)dcrocker(_dot_)net> wrote:

> Any reasonable authentication scheme would have shown either where the
> message actually came from or who actually authored.
>
> Either type of information would have made pretty clear that this did
> not come from the purported author.

I have a somewhat stricter definition of a reasonable authentication scheme:

A reasonable authentication scheme allows me (either by itself or in
conjunction with other services) to have strong confidence that a message
came from the author purported in the headers.

I am saying "strong confidence" because knowing absolutely is not always
worth the cost; I lock my house but don't want to live in the bank vault
that has my safe deposit box and very valuable items. Right now I have no
confidence that a message comes from its purported author.

As discussion on the list has shown, knowing where the message came from
is not always sufficient; you may need to know either other things about the
origin or other things about the from address.

> Actually, there is an interesting hole in many of our discussions:
> What about spoofing from _within_ an organization?  Since most
> organizations suffer data theft from within, this is not a small
> concern.

But it is one that it is perfectly reasonable to leave to each organization
to manage. In looking at this kind of issue it is helpful to think about who
has control. Here, the organization has the most control and tools at its
disposal to authenticate people and internal machines. Absent those, there
is not much the rest of us can do.

Margaret.

