
Re: [Fwd: [Asrg] Re: Documents for LMAP BOF]



Yakov Shafranovich <research@solidmatrix.com> wrote:
> Which brings us back to your original point - why do we want to 
> authenticate identity?

  I would suggest that for most cases, we don't.

> Identity of the incoming MTA or the sender by 
> itself will be meaningless unless combined with some form of a 
> reputation system.

  We don't need a repudiation system if we have a live verification system.

> As for stopping forgery, since this operates only on the SMTP Session 
> level, it does not stop forgery of the mail content itself. Rather it 
> authenticates the SMTP transaction which lets the network administrators 
> complain to the originator. BUT, if the incoming IP is known, we know who 
> the admin is anyway, so what's the point to tie it in with a domain.

  Are you sure we know who the admin is?  Some ISPs delegate IPs, and
then disclaim responsibility when their users abuse the net.  Are we
to hold that ISP responsible?

  My opinion would be to say "yes".  Everyone who contributes to the
creation of a problem is partially responsible for it.  The fewer
people who contribute to creating problems, the fewer problems.

  Alan DeKok.
