On Wed, 11 Aug 2004, Mark Lentczner wrote:
The client doesn't understand SUBMITTER
1) there is no SUBMITTER=
The client does understand SUBMITTER and:
PRA == MAIL FROM and
2) the client leaves SUBMITTER= off
Alas, there is no way to distinguish state 1 from 2. Sure, things would be
tighter if we disallow state 2. I'm not sure this is a big deal.
It makes it much more likely that there will be bugs and interop problems
that prevent people from using Sender-ID in interesting ways. I'm working
on techniques like BATV that rely on totally different verification rules
for the PRA and the bounce address. A clever SPF record coupled with a
custom DNS server allows SPF-aware servers (i.e. which check the bounce
address as opposed to the PRA) to verify signed bounce addresses without
an SMTP callback. If there is confusion in the protocol about whether the
PRA or bounce address is being checked then this becomes hopelessly
unreliable.
I also tend to agree that any language about what might happen if we require
SUBMITTER in the future should be left out of the draft unless we actually
agree on what will happen, and when we will do it.
It's utterly foolish to expect that the Internet will follow your
timetable.
Tony.
--
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
BERWICK ON TWEED TO WHITBY: WEST OR SOUTHWEST 2 OR 3 INCREASING 3 OR 4. FAIR.
GOOD. SLIGHT OR SMOOTH.