[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Authorization Mechanisms

To: Randall Gellens <randy@xxxxxxxxxxxx>
Subject: Re: Authorization Mechanisms
From: Ned Freed <Ned.Freed@xxxxxxxxxxxx>
Date: Thu, 28 May 1998 20:27:47 -0700 (PDT)
Cc: ietf-submit@xxxxxxx
In-reply-to: "Your message dated Thu, 28 May 1998 19:18:52 -0700" <>
Sender: owner-ietf-submit@xxxxxxx

> In recasting the submit document as a BCP, I've added a section on
> methods to ensure a submitter is authorized.  I have SMTP AUTH, IP
> address restrictions, and the POP login methods.

> Are there others that should be mentioned?

Well, there's signing messages (I've seen this used once or twice), there are
DNS checks (e.g., a IP --> (PTR) --> name --> (A) --> IP check and see there's
a match and the name in the middle is OK), and there are nonstandard SMTP AUTH
equivalents. I strongly recommend that the latter two not be mentioned.
Mentioning the first would be fine if you think it is worth it.

				Ned

References:
- Authorization Mechanisms
  - From: Randall Gellens

Prev by Date: Authorization Mechanisms
Next by Date: Re: Authorization Mechanisms
Previous by thread: Authorization Mechanisms
Next by thread: Re: Authorization Mechanisms
Index(es):
- Date
- Thread