In <158927513(_dot_)20040324071735(_at_)brandenburg(_dot_)com> Dave Crocker
<dhc(_at_)dcrocker(_dot_)net> writes:
AD> I can think of a number of new protocols deployed at the edge, and
AD> in wide use, in significantly less than 3 years.
Please name them.
Well, I guess it all depends on your definition of "wide use", but off
the top of my head, I can suggest HTTP, AIM, DNSBLs, and it looks like
SPF is well on the road to widespread use.
As Alan said, all of these have had the property of not having the
IETF involved.
It requires end-users to pre-register the MTAs that they will use.
AD> SPF says nothing about end-users registering MTA's.
The end-user carries the ultimate burden imposed by SPF.
This isn't entirely true.
Companies that use SPF to restrict the usage of their domain name pay
almost the entire cost of their choice. Part of that cost may involve
training of employees, or helping employees change the way they do
things, but the company still pays the employees for this time.
ISPs and such that use SPF to restrict the usage of their domain
names, and do it in such a way as to be painful for their customers,
will likely lose customers. This puts the ultimate burden on both the
ISPs and the end-users. This, unfortunately, is no different from
many other bad policies that ISPs can choose to do, or good policies
that ISPs choose to do in bad ways.
Right now, the burden of unauthorized usage of domain names falls
largely on the domain name owners.
The end-user carries the ultimate burden imposed by SPF. Only the
end-user can possibly know the variety of access venues they will have.
And many require registration.
Actually, the LMAP proposals all allow the domain owner to track the
DNS lookups, so that they can get a general idea of the variety of
access venues. SPF allows for much more detailed tracking and for the
DNS lookups to be directed to a different nameserver so that the
logging is much more practical.
This means that the domain name owner can have a much better idea of
of the variety of access venues than any individual end-user.
AD> And if end-users wish to use an MTA not listed in DNS for a domain,
AD> they can talk to the domain owner.
That is the same as saying that the end-user carries the burden. This
is about end-user impact, not the act of text editing domain records.
If the end-user has no legal right to use the domain name, then
denying them the use of that domain name is not a "burden". Stores
that install anti-shoplifting devices are not placing a "burden" on
shoplifters, even though shoplifters may no longer be able to shoplift.
AD> That is, SPF allows end-users to register MTA's. It doesn't
AD> "require" that registration.
Right. And end-users are not "required" to send email.
End users are not required to send email from domains that have not
approved of their use. With domain name ownership going for
$5-$10/yr, it is likely that end-users will be easily able to find a
domain name that they can reasonably use.
The LMAP proposals are, fundementally, about giving domain name owners
a voice. The fact that some domain owners will choose to say things
that are shortsighted, bad, hateful, or stupid is not a valid reason
keep them gagged. Receivers of email are easily able to decide if
they want to listen to domain name owners or not, which greatly limits
any damage that domain owner's speech can cause.
-wayne