On Wed, Sep 22, 2004 at 12:31:57AM +0200, Alex van den Bogaerdt wrote:
|
| Agreed. But even in that example, all you know is that a certain relay is,
| or is not, allowed to send mail on behalf of $user@$domain. You cannot know
| if the message was really sent by $user@$domain, the only thing you know is
| that $domain _authorizes_ $relay to do so.
|
| Authentication is performed on another level.
|
| Authentication: is this really $relay? Is this message really coming from ... ?

Every authentication scheme draws a boundary between the
acceptable set and the prohibited set.
If we consider "please swipe employee pass to gain entry to
building" as an example of an authentication scheme, you can
make the same claims that swiping an employee pass is not
actually an authentication scheme, because maybe a bad guy
stole your pass and is swiping it instead of you.