ietf-mxcomp
[Top] [All Lists]

Back doors and syntax

2004-07-28 05:02:36

With the recent issues raised by Douglas Otis concerning
the PRA algorithm: 

http://www.imc.org/ietf-mxcomp/mail-archive/msg02865.html

and Terje Petersen concerning Submitter:

http://www.imc.org/ietf-mxcomp/mail-archive/msg02828.html

have the MARID proponents:

* Sought out senior IETF review of Marid core and Submitter
proposals from "security and operations geeks?" 

See the urgent suggestion of Dave Crocker on July 19, "with
one candidate source for reviewers being
http://graybeards.net/sirs/index.html.";

http://www.imc.org/ietf-mxcomp/mail-archive/msg02751.html

* Considered putting forward a panel of reviewers for
consideration by the WG Chairs and Technical Advisors as
per a suggestion in the same thread. 

http://www.imc.org/ietf-mxcomp/mail-archive/msg02771.html

* Or otherwise are the WG Chairs aware of any steps being
taken by the MARID proponents to have such a review carried
out and if so, do we have any idea when this review would
be available for the benefit of the WG?

I ask because to the best of my knowledge there has been no
large scale field testing of MARID core or SUBMITTER to
verify the proposals and therefore the WG may benefit from
such a review.

On a separate note, in reading the SPF "help mailing list,"
it is becoming apparent one implementation issue is going
to be mis-configured DNS set ups. This seems to be
happening with "mom and pop" shops all the way up to and
including large corporations with huge networks and IT
departments.

Would it be helpful if there was a statement in the MARID
protocol suggesting that implementers for senders should
endeavour to ensure DNS set ups are in compliance with the
appropriate RFC's, prior to publishing an SPF record to
avoid problems? 

I appreciate this may be a statement of the obvious, but
... many folks are going to want to publish a record either
on their own and this might help with implementation.  

John Glube
Toronto, Canada

The FTC Calls For Sender Authentication
http://www.learnsteps4profit.com/dne.html


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.725 / Virus Database: 480 - Release Date: 19/07/2004