In <200503031635(_dot_)25675(_dot_)blilly(_at_)erols(_dot_)com> Bruce Lilly
<blilly(_at_)erols(_dot_)com> writes:
On Thu March 3 2005 13:13, wayne wrote:
(Actually, off hand, I can't think of anything about SPF
that Dave does like, but...)
He's not alone...
I understand, and I don't think it would be productive to rehash all
issues with SPF here.
They are pushing through both this SPF I-D, and the
Microsoft Sender-ID I-Ds, apparently without even an IETF last call.
That would be a procedure violation, and could be appealed to the IAB.
Maybe, but it is pretty well shown here:
http://datatracker.ietf.org/state_diagram.gif
The IETF seems to be a pretty funny organization. They clearly value
politics over technical considerations.
That's quite a broad brush you're trying to paint with. Perhaps
you fail to understand some of the technical arguments against SPF...
Until this I-D, the IETF never evaluated SPF. They created a working
group (MARID) and created a new proposal (SenderID) that was based on
many ideas, including both SPF and Caller-ID. However, neither of
those proposals were adopted by the IETF.
I'm not sure that I want to
go through the effort of trying to create a working group, knowing
that I don't have the political clout to keep things focused on
technical issues.
Is that a perverse way of stating that a) those who understand the
technical issues aren't interested in SPF and/or b) those who are
interested in SPF are unable or unwilling to confront its technical
defects?
There have been lively debates, open to all, about SPF on the
SPF-discuss mailing list since 2003. Most SPF proponents, and the I-D
in question also, acknowledge that SPF has problems in certain cases.
But, as I said in a previous email, if there was a clean, simple
solution to the problem of email authnetication, I think it would have
been found years ago.
-wayne
