On Mon, May 23, 2005 at 11:53:40AM -0700, David MacQuigg wrote:
At 01:05 PM 5/23/2005 -0400, Mark Shewmaker wrote:
So again, how *exactly* does an ID claim from an untrusted party help me
accomplish my listed goals?
What you have listed as goals, the authentication of specific identities, I
regard not as goals, but as means to accomplish a goal.
No, those really are my goals.
If you're fixating on the fact that I'm mentioning spf in my goals, then
I can reword:
For the reject-if-forgery goals (the first three of my six listed goals),
I want to:
1. Reject because of the EHLO argument if it's forged according
to the helo domain owner's rules.
2. Reject because of the MAIL FROM argument if it's forged according
to the MAIL FROM domain owner's rules.
3. Reject because of the PRA argument if it's forged according
to the PRA domain owner's rules.
How does your ID proposal get me reliable knowledge of the exact
definitions of forgery from these three separate parties for these three
separate arguments without use of an additional reputation server that
says I can trust the ID domain's hearsay claim about these other domains?
I would state the goal as "authenticating an offered identity, using
whatever method is offered by that identity and is acceptable to me".
This is a goal all methods can share.
Sorry, that's way too vague for me.
In any event, "an" makes it sound as if there's just one thing to
authenticate, which is clearly insane.
--
Mark Shewmaker
mark(_at_)primefactor(_dot_)com