Re: draft-pearson-securemail-02.txt

From: Douglas Otis <dotis at mail-abuse.org>
To: Frank Ellermann <hmdmhdfmhdjmzdtjmzdtzktdkztdjz at gmail.com>
Cc: ietf at ietf.org
Date: Mon, 5 May 2008 18:17:58 -0700
In-reply-to: <fviqln$ff1$1 at ger.gmane.org>
References: <20080430061502.0345B3A6D47 at core3.amsl.com> <6.2.5.6.2.20080503134704.03283f90 at resistor.net> <fviqln$ff1$1 at ger.gmane.org>

On May 3, 2008, at 3:44 PM, Frank Ellermann wrote:

> SM wrote:
>
>> SenderID and SPF does not authenticate the sender.
>
> For starters they have different concepts of "sender", PRA and  
> envelope sender, and RFC 4408 section 10.4 offers references (AUTH +  
> SUBMIT) for folks wanting more.

Agreed.  Neither SenderID or SPF offers authentication.  Both of these  
schemes provide a method for domains to _authorize_ IP addresses used  
by SMTP clients.  This can not be described as authentication since  
SMTP clients are often shared by more than one domain.  This scheme is  
fully dependent upon secure routing through questionable boundary  
issues.  In addition to the section 10.4 references, DKIM is another  
possible choice.

-Doug 

_______________________________________________
IETF mailing list
IETF at ietf.org
https://www.ietf.org/mailman/listinfo/ietf

References:
- Re: draft-pearson-securemail-02.txt
  - From: SM
- Re: draft-pearson-securemail-02.txt
  - From: Frank Ellermann

Prev by Date: Tag Heuer replicas better than originals
Next by Date: RE: [Geopriv] Last Call: draft-ietf-geopriv-radius-lo(CarryingLocation Objects in RADIUS and Diameter) to Pr
Previous by thread: Re: draft-pearson-securemail-02.txt
Next by thread: Elegant watches for less than half
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: draft-pearson-securemail-02.txt

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.