spf-discuss
[Top] [All Lists]

[spf-discuss] Re: "authorized" == "not forged"?

2006-09-20 04:39:16
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frank Ellermann wrote:
Julian Mehnle wrote:
So perhaps indeed we need a "softpass".  Others (like you)
might say instead that we need a "hardpass", because they
consider today's "pass" a "softpass".

Existing policies use PASS for both purposes.  Assuming default
"soft" and offering an explicit (opt-in) "hard" is the only way
forward I can see.

it would have to be defined very thoroughly.

Is anything wrong with the op=auth text ?

Not substantially.  In fact I'm planning on implementing support for 
the "op=" modifier in Mail::SPF.

The description of "op=auth" fails to make an explicit point of the 
difference between v=spf1 Pass's authorization semantics and the 
additionally offered authentication semantics.  In fact, it doesn't even 
mention the word "authenticity" once.  I think it should.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFESgfwL7PKlBZWjsRArPBAJsEu9T/J+wXK+kzYUp+ZqKyX7sykQCfZp23
/2q3Rv1oQC1wF7Dphlev9Go=
=N9jL
-----END PGP SIGNATURE-----

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com