ietf-mxcomp

Re: Drive Towards Consensus [was Re: On Extensibility in MARID Records]

2004-06-19 14:29:30

On Fri, Jun 18, 2004 at 08:55:35PM -0700, Hallam-Baker, Phillip wrote:

Another example where SPF syntax comes unstuck.

A domain uses S/MIME authentication in addition to IP based auth. This
allows a mail message from a bank to display the logo of the bank in a
privileged part of the display by means of the X.509 logotypes extension.


That sounds like something that belongs only in MUAs. I think that's way beyond 
the scope of SPF and its ilk. 

The following information is needed:

      * express statement 'all mail is signed'
      * express the message digest of the signing certificate
      * express the algorithm supported.


I claim, quite fairly, that spf syntax can handle this.

Now consider the following complications:

      * Also support pgp message format
      * express different signing policies 'mail signed when extension offered'
      * handle the TLS protocol
      * encryption
      * different key distribution structures - web 'o trust, xkms, domain key


[ ... ]


This is not a theoretical proposal. The use of signed mail is already under
serious discussion in anti-phishing forums. 


It all sounds pretty vague to me. Perhaps you could explain more of the details.

It took me less than half an hour to write a schema for this application in
XML. I don't think anyone could claim to write a parser for a corresponding
SPF syntax in the same time.


that doesn't make any sense. obviously defining a schema/format/syntax takes
way less time than writing the code to actually read it.