ietf-mxcomp
[Top] [All Lists]

RE: DEPLOY: Over-running TXT dataspace in FQDN (-protocol I believe)

2004-08-26 10:33:57

Hi Rand,

A couple of quick comments:

* I appreciate your clarifying that the need is to have
separate records, because of the senders' configuration.

* You suggest I am putting SPF classic and Sender ID on the
same level, or wanting to get into the SPF classic v Sender
ID debate.

You base this in part on my statement:

(Of course this achieves the desired objective of sender
authentication, thwarting spoofing and other steps taken
to > hide identity, by getting everyone out in the open.)

The statement reflects a synopsis of the FTC's view of the
value of sender authentication, which is the perspective I
have been using to view what is going on in an effort to
stay objective in my own thinking.

My view from a security perspective is that the best
approach is to not rely on either one approach or one data
set, but to do both message and channel authentication
using a variety of data sets. 

I agree this discussion concerns last call for Sender-ID. 

I am not wanting to get into a debate over one approach
versus another. 

The issue is:

* Whether within Sender-ID it made more sense to go with
the same version of records as SPF.

You have raised a catch 22 problem for larger organizations
with complex records. Going the sub-domain route raises
catch 22 problems for the vast number of individual domain
holders.

Needless to say, I am sure the design and security experts
will come forward with a solution.

From my own perspective, although some may not consider it
directly relevant to last call of any particular proposal,
given the issues, infrastructure and underlying import of
email, the question in my mind always remains:

* How would the FTC view what is decided given the FTC
mandate to protect the US consumer's interest, ensure
competition and protect against unfair trade?

I also keep in the back of my mind that the FTC has clearly
stated, if industry does not get it right, (what is right
of course being unclear as it helps to keep people on their
toes) the Feds reserve the right to step in and do the job.

As to the rest of your comments, I greatly appreciate your
elaborations.

Cheers, John

John Glube
Toronto, Canada

The FTC Calls For Sender Authentication
http://www.learnsteps4profit.com/dne.html

 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.737 / Virus Database: 491 - Release Date: 11/08/2004
 



<Prev in Thread] Current Thread [Next in Thread>