ietf-mxcomp

Re: clarification on consensus call for compromise

2004-09-10 08:33:03

Yakov Shafranovich wrote:

What about the scope idea itself? Do you agree with it?

Well, I must admit that I haven't had much time to spend thinking of this
issue since it has been raised, but there are a number of reasons that
make me feel quite uncomfortable with it:

It seems to me to be in contradiction with the "keep it simple, stupid"
paradigm. We have to take into consideration that these protocols are
being discussed and designed by e-mail experts, but will have to be used
by "average-skill" sysadmins, and the protocol should avoid creating
unnecessary complexities that would cause one to wonder what can be the
differences between a 2821 or a 2822 scope from a practical standpoint, what
differences it may cause in the system behaviour depending upon which kind
of scope they want to publish in their records, or check in their MTA.

The current SPF system record syntax is "a bit" complex, but yet
straightforward enough to allow easy understanding. I'm afraid that if we
have to add different scopes, and possibly different DNS records for a
domain depending on the scopes, it may create complexity beyond the
average sysadmin's understanding (or will to spend the necessary time for
understanding and testing different possibilities).

I'm also not sure that possibly multiplying DNS records for different
scopes would be such a good idea, as it will, again, add complexity in DNS
maintenance (and possibly multiply queries, cause TCP answers and add to
DNS load).

Last but not least, I'm afraid that this could result in a mess, with the
sender publishing records for one given scope, where the recipient MTA
would be configured to check only for another scope, which would result in
no checks being performed.
The more complex we make it, the more chances we have to find ourselves in
situations that may produce "unpredictable results" between unrelated
sending and receiving domains.

Since the beginning, I feel that the "good" solution IMHO for the first
MARID protocol, especially if we want to get something usable and deployed
in the shortest possible timeframe, would be to go for SPF-Classic
accompanied with SRS. And stick to it. Simple, that already has running
implementations and a wide real-world deployment.

I have also expressed here in the past that I feel that MARID should limit
itself to checking existing 2821-stage fields (which means MAIL FROM: and
HELO:) and leave alone the emails contents (2822 headers being "content").

Anyway this is just my personal opinion, regardless of other IPR issues.

-- 
Michel Bouissou <michel(_at_)bouissou(_dot_)net> OpenPGP ID 0xDDE8AC6E

 Who can explain to me how the thermal fuse works on
 processors? Can it be configured?
 -+- DA in : <http://neuneu.mine.nu> : Neuneu blows a fuse -+-

