First, this is not a discussion group about CSV. Can you stop talking
about CSV here? CSV has yet and will never get seriously implemented so
please stop talking like it is at the same level of maturity of SPF. Stop
throwing dirt into the water by comparing it to SPF . THIS FORUM IS ABOUT
SPF, NOT CSV!
Non SPF Topics aside........
Authentication vs. Authorization.
What is so difficult to understand here?
A SPF checker attempts to authenticate a sender by checking the SPF policy
of a domain which authorizes the machines allows to send mail.
So the SPF policy Authorizes. The checking process Authenticates. Whether
the results are to be trusted, is a different concept altogether. In the
end, after you authenticate a sender, the sender is then authorized to send
mail.
Rephrase in general terms:
Authentication is the process of checking or verifying an entity using some
form of integrity information such as an authorization policy.
----
Hector Santos, CTO
Santronics Software, Inc.
http://www.santronics.com
http://www.winserver.com/wcsap (Wildcat! Sender Authentication Protocol)
http://www.winserver.com/spamstats (WcSAP Anti-Spam Stats)
----- Original Message -----
From: "David MacQuigg" <dmquigg-spf(_at_)yahoo(_dot_)com>
Newsgroups: spf.-.sender.policy.framework.discussion
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Saturday, April 16, 2005 9:08 PM
Subject: [spf-discuss] Email Authentication - choice of words
In a recent discussion, a friend said I should not use the term
"authentication" in connection with SPF, because "SPF doesn't do
authentication". It only checks that a domain *authorizes* a particular
server to send mail on its behalf. If a server allows any domain to use
it
as a forwarder, there is no way for the downstream receiver to
authenticate
the claimed domain name.
CSV separates authentication and authorization into two distinct
steps. While the distinction is quite valid, it seems to me that it is
still OK to refer to SPF as an email authentication method, at least in
contexts where separation of the two is not important. For example, if
I'm
making a list of "email authentication methods", I would not think to
exclude SPF. On the other hand, I would not say "SPF authenticates the
domain claimed in the Mail From command".
Any thoughts on this issue?
--
Dave
************************************************************ *
* David MacQuigg, PhD email: dmquigg-spf at yahoo.com * *
* IC Design Engineer phone: USA 520-721-4583 * * *
* Analog Design Methodologies * * *
* 9320 East Mikelyn Lane * * *
* VRS Consulting, P.C. Tucson, Arizona 85710 *
************************************************************ *
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Read the whitepaper! http://spf.pobox.com/whitepaper.pdf
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com