Julian Mehnle wrote:
The description of "op=auth" fails to make an explicit
point of the difference between v=spf1 Pass's authorization
semantics and the additionally offered authentication
semantics. In fact, it doesn't even mention the word
"authenticity" once. I think it should.
Okay, I've to look up the RFC number of the security glossary
again - I forgot it after we didn't add it to 4408, Reality
check: Does "authorized and cross-user forgery impossible"
really imply "authenticated" ? If yes I could simply add to
the text [...] "in other words authenticated and authorized"
(or similar). These auth*-words still tend to confuse me :-(
Frank
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com