On Fri, Oct 10, 2003 at 10:49:27PM -0500, wayne wrote:
|
| SPF does not authenticate anything, it authorizes the use of the
| domain name by a given IP address. The IP address is authenticated
| via the sufficiently-random sequence numbers in the TCP packets. GPG
| authenticates people, but does not provide any authorization. These
| are two different concepts.
|
Good comments, thanks. I'll update accordingly when I get a moment.
I'm camping two tents over from Paul Vixie and we had a good talk about
SPF tonight. As you might expect, he's thinking several steps ahead,
about end-to-end schemes and webs of trust based on degrees of
separation. His criticisms of SPF (and his original proposal,
MAIL-FROM, from five years ago) are that the reputation schemes may end
up in a Verisign scenario; or that the major ISPs will want to adopt
telephony termination economic models, to the detriment of the public;
the Internet wasn't supposed to be about private clubs and gated
communities. Still, I think we can reach agreement that it's an
acceptable stopgap measure.
More tomorrow as we discuss further.
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/