ietf-nntp RFC977bis w.r.t. authentication

Simon Lyall simon at darkmere.gen.nz
Tue May 5 18:12:20 PDT 1998


On Tue, 5 May 1998, Larry Osterman (Exchange) wrote:
> And while we're talking about AUTHINFO GENERIC, the last paragraph in 9.1.2
> gives me heartburn - The server provides the client with the USERS email
> address by an undefined mechanism????????  And then if the From: field of
> posts doesn't match this email address, it puts a Sender: field in the post?
> Personally I'd never use such a server, while guaranteeing the identity of
> posters is interesting, there are HUGE privacy issues with a server that
> broadcasts a VALIDATED email address of a user over the internet.  I
> recognise that masking email addresses is a poor way of avoiding SPAM,
> but.......

Personally I believe using sender as any sort of authentication mechanism
is not worth the bother (and the usefor draft certainly doesn't push it).
Actually I'd use some rougher language about the header but this is a
family mailing list.

Sender is a posting agent generated header that should only be used if
there are multiple addresses in the From header (which doesn't happen
much) or the classic "secretary posting an article written by his boss".

The Originator-Info header (see draft-newman-msgheader-originfo-*.txt )
is a possibility although usefor is leaning more towards an authenticated
Path.

-- 
Simon J. Lyall.  |   Very  Busy  |   Mail: simon at darkmere.gen.nz
"To stay awake all night adds a day to your life" - Stilgar | MT.




