
Re: Last Call: <draft-ietf-marf-spf-reporting-08.txt> (SPF Authentication Failure Reporting using the Abuse Report Format) to Proposed Standard

2012-03-01 10:18:23
At 06:09 01-03-2012, Barry Leiba wrote:
> Keep in mind that the charter has these two items:

Ok.

> 2. SPF is widely deployed in the real world.  Information about

Is a protocol considered by the IETF to be widely deployed based on deployment of implementations? For example, an IPv6 survey ( http://dns.measurement-factory.com/surveys/2011/IPv6/ ) used a DNS-centric perspective to measure some basic statistics on IPv6 deployment. Are such statistics acceptable to the IETF to determine wide deployment of RFC 2460?

Quoting a report from 2010 about DNSSEC:

  "2010 has been a significant year for DNSSEC. On July 15th, the root zone
   was signed, removing one of the most significant barriers to broad DNSSEC
   deployment. However other obstacles remain:

   - The .com and .net zones are not yet signed.
   - Few registrars support DNSSEC.
   - Few resolvers have DNSSEC validation enabled.
   - The tools for managing signed zones are basic and typically entail a
     steep learning curve.

 Consequently DNSSEC deployment is still extremely limited."

The above mentions some of the factors that affect DNSSEC deployment. If DNSSEC records are published in DNS but few resolvers have DNSSEC validation enabled, does that constitute wide deployment?

According to BCP 97:

  "In the IETF, it is a basic assumption that implementors must have a
   clear understanding of what they need to implement in order to be
   fully compliant with a standard and to be able to interoperate with
   other implementations of that standard".

Is the interoperability assessment based on implementations of a specification or are other ways to determine interoperability acceptable to the IETF?

At 06:22 01-03-2012, Scott Kitterman wrote:
> IESG.  It includes SPF specifics (although it doesn't require a normative
> reference to RFC 4408, so there's no downref issue with it), so I think that
> in the context of authentication failure reporting this is already established
> to be in scope.  All the current draft does is provide an optional mechanism

In the Last Call message issued by the IESG, it is mentioned that:

  "Note that this document has a downward normative reference: This document
   makes a normative reference to SPF (RFC4408), which is Experimental."

Is the downward normative reference in the draft incorrect?

Regards,
-sm