Thus spake <Valdis.Kletnieks at vt.edu>
> Authentication: Yes, you seem to be Jeffrey Dahlmer.
> Authorization: You say you'd like to borrow a steak knife?
>
> Usually clears up the confusion in all but the most sluggish mind.. ;)

That's a very clear example, thanks.

> However, "authorization" usually implies "authentication" beforehand.
> Does anybody have a reference on an authorization scheme that
> doesn't imply any authentication?

In a sense: the IETF lists (and most others) use a null authentication method, i.e. you trust whatever is in the message. After that (null) step, we apply weak authorization, i.e. whether the sender is on the approved list.

I've seen lots of proposals to improve the former -- hardly difficult -- but none for the latter. Perhaps using precise terminology will help focus efforts in the right area.

S

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.