Doug,
On Wed, 25 Feb 2009 00:10:21 -0800, Doug Otis wrote:
> The Sender-Header-Auth draft clouds what should be clear and concise
> concepts. Organizations like Google have already remedied many of the
> security concerns through inclusion of free form comments.
For the sake of being thorough, I
Doug Otis wrote:
Since *authorization* does not *authenticate* a domain as having
originated a message, this leaves just the IP address of the SMTP
client as a weakly "authenticated origin identifier". The IP
address of the SMTP client is the input for Sender-ID or SPF
*authorization* mec
Paul Hoffman writes:
> At 12:28 PM -0500 2/11/09, John Sullivan wrote:
>>The Free Software Foundation and the GNU Project oppose publication
>>of "Transport Layer Security (TLS) Authorization Extensions"
>>(draft-housley-tls-authz-extns) as a proposed standard. We do not
>>think that RedPhone Sec
Peter Saint-Andre wrote:
Marshall Rose wrote:
briefly, you want to set the 'ipr' attribute of the element to
one of these values:
trust200811
noModificationTrust200811
noDerivativesTrust200811
trust200902
noModificationTrust200902
noDerivative
The appeal of the Authentication-Results header draft is reluctantly
being withdrawn. While this draft confuses authorization with
authentication, it is being withdrawn in the hope that subsequent Best
Current Practices will soon remedy the short-comings noted by the
appeal. This withdraw
