ietf-mxcomp

Re: Soundings ? RE: Semantics and Syntax

2004-05-08 16:52:45

Hallam-Baker, Phillip <pbaker(_at_)verisign(_dot_)com> wrote:
[John Leslie wrote:]

To make it worse, most folks who _do_ comment either confuse the
semantics of the various "identities" or appear to believe there
_is_ no difference.

I see things a bit differently.

  1) We have the semantics of the MARID record.
  2) We have the guidelines for interpretation of the MARID record.

  3) We have the internet goop that messages have to wade through to
       reach their destination.

In my view (1) is simply a statement of what the edge servers are.

   I really hate discussions of what the meaning of "is" is...

   Phill and I have exchanged messages off-list: hopefully I can bring
some benefit of that to the list.

   Phill is thinking in terms of:
- IP address;
- whether they support SSL, S/MIME;
- accreditations;
- etc.

   I am thinking in terms of what the servers are "authorized" to do:
- what policies does the domain manager have;
- how are these policies monitored;
- what level of trust does the domain manager suggest;
- what reputation services might we ask for a second opinion.

   Both viewpoints have their value. Neither of us should dismiss the
other as misguided.

(2) is a consequence of (1) + (3)

   This, alas, is hand-waving. There is no hope of our writing guidelines
for interpretation based on <the MARID record> and <the internet goop>;
since the "internet goop" is constantly changing.

We can DEFINE (1), we can DESCRIBE and to a very limited extent hope
to REFORM (3).

   Indeed, we _must_ define <the MARID record(s)>. I am particularly
concerned that we define to fit a well-defined task. Since we are
chartered to document "authorization" of MTAs, I will spend a good
deal of effort to document what MTAs are authorized to do.

   I see little point in describing the "internet goop" -- it changes
too fast. I do share Phill's hope to reform the "internet goop"; but
to whatever extent we succeed, describing it becomes even harder.

I do not see the identities question as being any part of (1). If you
state where the edge servers are the effect on identities is a 
consequence of (3).

   This is one way to look at it -- but it strikes me as an incredibly
_difficult_ way to look at it. To interpret the MARID records based
upon one's current understanding of "the internet goop" prevents those
who advertise MARID records from having a clear understanding of what
authorization they advertise.

It is pretty easy to define (1) in a formal sense as Bob and myself
have been doing. (3) is somewhat tricky, but if it could be done
we could arrive at a proof of whether (2) was correct or incorrect.

   One could, OTOH, formally define the MARID records in such a way
that the interpretation of them _doesn't_ depend on what lies between
the authorized MTA and the receiving MTA; and let any divination be
performed later on a per-user basis. I prefer that strategy.

--
John Leslie <john(_at_)jlc(_dot_)net>

