RE: a draft on messaging, impersonation and identity
- To: <sethg@xxxxxxxxxxxxxxxxxxxxx>, "Michael Thomas" <mike@xxxxxxxx>, "Peterson, Jon" <jon.peterson@xxxxxxxxxxx>
- Subject: RE: a draft on messaging, impersonation and identity
- From: Jim Fenton <fenton@xxxxxxxxx>
- Date: Sat, 16 Oct 2004 19:53:38 -0700
- Cc: "'George Gross'" <gmgross@xxxxxxx>, <ietf-mailsig@xxxxxxx>
- Iim-sig: v:"1"; h:"imail.cisco.com"; d:"cisco.com"; z:"home"; m:"krs"; t:"1097981758.30999"; x:"432200"; a:"rsa-sha1"; b:"nofws:1500"; e:"Iw=="; n:"sQYarK2E51MdcTiUqeif3F7cWdxIfoCiXhdfb9vD5ee/j0jXL15gbFxF2pXIw" "eAblu0N6XAgK7k+wrbr7bQDJaCDqOmzqpRUBjIRQAXQ7NzadpmR3pUL6wxaRU" "tW+c43sl9jC50Qg1sXHpPjt8Y+Y16ioyQAQAdSunM4YhevURc="; s:"Ug0PYmroMxl0wHdLkgs+JpsdsWEEKkxdkIJ47Ks74dozDxkI9JD+sCTgt2Jhz" "BQsTkw4GfQCbFP25Kwq7uAW4+zxF8nHiq33oYO2TQLFd7Ef8rGNfHUjteZIxt" "8NS6fGHpiB92z+K8qDzNQxOppOxIWYnWhBxOyu/vvgTWfu6w0="; c:"Date: Sat, 16 Oct 2004 19:53:38 -0700"; c:"From: Jim Fenton <fenton@cisco.com>"; c:"Subject: RE: a draft on messaging, impersonation and identity"
- Iim-verify: s:"y"; v:"y"; r:"60"; h:"imail.cisco.com"; c:"message from imail.cisco.com verified; "
- List-archive: <http://www.imc.org/ietf-mailsig/mail-archive/>
- List-id: <ietf-mailsig.imc.org>
- List-unsubscribe: <mailto:ietf-mailsig-request@imc.org?body=unsubscribe>
- Sender: owner-ietf-mailsig@xxxxxxxxxxxx
At 05:23 PM 10/16/2004 -0500, Seth Goodman wrote:
>> From: Michael Thomas
>> Sent: Saturday, October 16, 2004 4:12 PM
>
><...>
>
>> Thus, I fundamentally think that starting from identity and
>> working out from there is a good way to lose sight of what
>> the original problem was. After all, the original problem
>> wasn't "can I name something", but instead, "who's allowed
>> to do this/use this/assert this and how can I enforce
>> that in a way that affords me more control in reality
>> than I have today?".
>
>Strongly agree. We could try to answer the question, "is the author of this
>message who they claim to be", and get tangled up in the considerable
>difficulties of answering that. Considering how the net is organized and
>how email is actually used today, a more useful question is, "has the domain
>owner authorized the originator of the message to use a given identity at
>that domain". This is a much easier question to answer and for the great
>majority of cases, is good enough for the purposes of normal email. For the
>handful of cases where more specific assertions of identity must be made and
>verified, there are existing solutions, though more cumbersome, to
>accomplish that.
I would go even further than "...for the great majority of cases, is good enough...". I believe it to be the right question to ask for purposes of authorizing email, unless one wants to interfere with current use cases desiring (relative) anonymity.
-Jim