[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Benefits/costs of authorizing different identities

To: "Dave Crocker" <dcrocker@xxxxxxxxxxxxxxx>
Subject: Re: Benefits/costs of authorizing different identities
From: "Jon Kyme" <jrk@xxxxxxxxxxxxxx>
Date: Wed, 07 Apr 2004 16:20:14 +0100
Cc: ietf-mxcomp@xxxxxxx
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-mxcomp/mail-archive/>
List-id: <ietf-mxcomp.imc.org>
List-unsubscribe: <mailto:ietf-mxcomp-request@imc.org?body=unsubscribe>
Sender: owner-ietf-mxcomp@xxxxxxxxxxxx

> JK> Unfortunately, you actually said that the charter for the group was
> on
> JK> "peer validation" whereas in fact the group is chartered to develop
> JK> mechanism which may be used for this purpose.
> 
> "Primary use case" means that if it can't achieve that use, we have
> not satisfied the charter.  That's very different from saying "may".
> 

No Dave, that's what "may be used" means: ability, competency, for such
use.
 


> 
> Breaking legitimate functionality of a system that has been in use for
> 30 years and is currently relied on by 1 billion people obligates
> those doing the breaking to be very clear and careful about defining
> and defending the breakage.  That is not happening about this topic.
> 

Well sure, that functionality is important to many users, I completely
agree with you. I know children's scissors have blunt ends, but that
doesn't mean that all scissors must have. We assume that grown-ups are
capable of making sensible judgements about appropriate use. Sometimes,
sadly, we're wrong.

> 
> >> More generally, SMTP is a point-to-point protocol.  Any attempt to
> >> assign a level of trustworthiness to an MTA requires a chain-of-trust
> >> model back to the originator.
> JK> I don't really want to get involved in a *trust* argument, but this
> is
> JK> patently untrue. This end might be achieved out-of-band.
> 
> This entire effort is about development of a trust mechanism, so it
> will be rather crippling to avoid discussing the topic. "This end
> might be achieved out-of-band."
>

No, I was only challenging your assertion that a "chain of trust" is the
*only* possible model.
 
> Also, I do not understand what you mean by
> 
> 
>  
> JK> I do not believe that the group should
> JK> "focus" on this to the exclusion of anything else.
> 
> This goes into the issue I raised about the dangers of not focusing.
> 

No. I meant that focussing on HELO only, to the exclusion of anything else,
would be bad. I gather that this isn't your position (any longer)?

Regards,
JK

Follow-Ups:
- Re: Benefits/costs of authorizing different identities
  - From: Dave Crocker

References:
- Re: Benefits/costs of authorizing different identities
  - From: Dave Crocker

Prev by Date: Re: Benefits/costs of authorizing different identities
Next by Date: Re: Benefits/costs of authorizing different identities
Previous by thread: Re: Benefits/costs of authorizing different identities
Next by thread: Re: Benefits/costs of authorizing different identities
Index(es):
- Date
- Thread