On Fri, May 27, 2005 at 10:59:09AM -0400, Stuart D. Gathman wrote:
If people are unsure about the highly technical usage of the words in
the computer world, they should use different words so as to avoid
offending the jargon lawyers. Based on my experience, I suspect that
reading up on the technical meaning of "authorization" will confuse
the heck out of them. End admins just need to know that an SPF
fail is like a drivers license where the picture doesn't match.
Are we really?
IMHO we aren't verifying the authenticity of the document.
We are using the information on this document and verify
if the holder is or is not allowed to drive that lorry...
The document is considered correct, given that it is very
hard to falsify (IP address hard to spoof -> we take it for
granted)
This may look an insignificant and silly argument but I really
think this is important: _what_ is it what SPF accomplishes.
And a PASS is like a valid drivers license. Plenty of crimes are
commited while holding a valid license...
That's true for sure but it is written in a context of
authentication, not authorization. We are not looking
at "Is this John Doe". All we want to know is if John
is authorized by the state of [...] to do action [...].
Big and important difference.
In SPF talk: we don't know if this is an aol host. We
do know what aol thinks of a certain host (being: ?all)
Alex