The IETF, in the form of the IESG, has made it clear that they do not
want SPF going through a working group. That is part of why MARID was
shut down. They are pushing through both this SPF I-D, and the
Microsoft Sender-ID I-Ds, apparently without even an IETF last call.
just as Informational or Experimental. they can't standardize them
without a Last Call. even so a Last Call would still be advisable.
all of the authentication schemes I've seen suffer from one or both of
these problems:
- trying to do more than is reasonable for that particular approach
- trying to retroactively change how the mail protocol is used, or to
restrict future use of the mail protocol such that valid use cases will
no longer work
what we really need is a framework that allows multiple schemes to
coexist and work constructively together. but that can't happen as
long as the schemes try to change the mail protocol in incompatible
ways.
Keith