On Friday 24 October 2008 12:10, Murray S. Kucherawy wrote:
An issue has been raised regarding the name of the proposed header
field. Some of the methods supported by the draft are specifically
message authorization and not authentication (e.g. SPF, Sender-ID) and
there's a concern that this might mislead some consumers of the header
field's contents. Do others concur, or is it not something about which
to be concerned?
Because of the existing installed base of code doing this work,
splitting the header field into two (one for authentication and one for
authorization) seems like it would work but something easier could be done.
Perhaps we could take advantage of a lexical coincidence and rename it
to "Auth-Results", specifying in the draft that it covers both
authentication results and authorization results. Would that work?
Both SPF and DKIM pretty well tell you the message came from an MTA that the
domain owner somehow thought well of. I don't see any point in adding the
complexity.
As you've said, the consumers of this header are expected to understand what
the results for each method mean. I think adding a distinction will cause
more confusion, not less.
Scott K
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html