spf-discuss

Re: SPF and Responsibility

2004-07-22 12:12:32
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

terry(_at_)ashtonwoodshomes(_dot_)com wrote:
|>-----Original Message-----
|>From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
|>[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Mark Shewmaker
|>Sent: Thursday, July 22, 2004 2:35 PM
|>To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
|>Subject: RE: [spf-discuss] SPF and Responsibility
|>
|>
|>On Thu, 2004-07-22 at 07:39, terry(_at_)greatgulfhomes(_dot_)com wrote:
|>
|>>You are correct in that the wording of the spec is misleading.
|>
|>This is the current wording:
|>
|>  5.2  Pass
|>
|>    An SMTP server receiving this result SHOULD treat the message as
|>    authentic.  It may accept or reject the message depending on other
|>    policies.
|>
|>How is that misleading?
|>
|
|
| It's misleading because "the message is authentic" might be better worded as
| "the sender domain of the message is authentic"
|
| And that's because I suspect to a lot of people authentic means:
| (1) Conforming to fact and therefore worthy of trust, reliance, or belief
| Rather than:
| (2) Having a claimed and verifiable origin or authorship
|
| (1) is what something like PGP does
| (2) is really what SPF does

Not in the least.
You have a misguided idea of what "trust" means in this context.
All trust means here is that you are who you say you are.
There is no value judgment on content expressed or implied
by trust in the security sense.
This message is GPG signed, if the signature checks out I am who I say I
am and this is my original message. I could be lying through my teeth,
but my words are my own. SPF does the same thing, only
for the domain portion of my address.

Whether or not you trust me, GPG and SPF say that you can trust
that this is my message.

My earlier messages today were not GPG signed. The content you
received may not be the content I sent. I expect that it is, but
it would be an effort to verify it.


- --
Daniel Taylor          VP Operations            Vocal Laboratories, Inc.
dtaylor(_at_)vocalabs(_dot_)com   http://www.vocalabs.com/        (952)941-6580x203
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFBABGg8/QSptFdBtURAvrOAJ9CKv350k5IYlQG4Y10+THz6129XwCeIieJ
0TYlxtyoWKfwGvZFFMaMOug=
=U9OA
-----END PGP SIGNATURE-----

