On Wed, 2004-11-03 at 09:24 -0800, Michael Thomas wrote:
Dave Crocker writes:
> This track record calls for taking the most narrow, focused approach
> we can. This means the specification should be absolutely minimalist.
> We should strive for the most basic and straightforward capability we
Speaking of deployability, can you please explain how the
hopwise solution that you are advocating doesn't run afoul
of the PRA IPR? I don't understand how the responsible party
search that you're advocating is in any way different than
the MARID PRA and that known roadblock to deployment.
Tony already pointed out that trying to identify a single 'most recent
sender' isn't sufficient. I assume that our algorithm will therefore be
necessarily different to that used for PRA, although I haven't studied
the PRA proposal closely due to its more obvious flaws, and I haven't
studied the patent due to repeated advice that engineers should not do
To assist the less able sysadmins out there, we're just coming up with a
simple algorithm by which one can determine that due to the lack of
signatures, an email cannot possibly be valid. We need to do this to
prevent people from wrongly rejecting valid mail. We unfortunately know
that this guidance is necessary due to the number of sites who
enthusiastically reject all MAIL FROM:<>, who publish and obey SPF
'-all' records, etc. and therefore reject valid mail.
The algorithm must naturally follow very closely from existing practice
and RFC2822, and will be so obvious that it cannot possibly be