ietf-mxcomp
[Top] [All Lists]

FUD in Meng's "What To Do"

2005-08-23 12:24:57

12345678901234567890123456789012345678901234567890123456789012345678901234567890

While DKIM is clearly gaining momentum, a lightweight (LMAP) solution
(lightweight in terms of
bandwidth, DNS, CPU, user and administrator load) is needed as well,
such as CSV or SPF3.  DKIM is not lightweight in terms of
bandwidth, DNS, CPU or administrator load.  SPF is not lightweight in
terms of DNS, user or administrator load.
Meng writes in whitepaper.pdf:
Spread FUD about the edge cases.
None of the approaches are perfect.  A message could be for-
warded through a site that does not perform srs and does
not prepend Resent headers; that message could then pass
through an mta that munges the content for perfectly good
reasons.  This corner case is a favourite of technical perfec-
tionists who use it to argue that one can never reliably reject
a message based on sender authentication.
I've never seen anyone make this case. It appears that this is spreading misinformation. The case I've seen made is that while this flaw (and others) exist in SPF's flavor of sender authentication, it does not apply to some other authentication systems that fit in an Aspen framework.

I also felt misled after seeing 'CSV' in big letters on the cover, but found no mention of it in the body of the paper.

I've set reply-to to MXCOMP <ietf-mxcomp(_at_)imc(_dot_)org> to try and direct discussion there.

<Prev in Thread] Current Thread [Next in Thread>
  • FUD in Meng's "What To Do", Matthew Elvey <=