In <58CA41E0-1708-41A8-BE6B-7EBB343479A9(_at_)mail-abuse(_dot_)org> Douglas
Otis <dotis(_at_)mail-abuse(_dot_)org> writes:
[long rant that DougO has repeatedly given over the last 3 years snipped]
This list remains available for continued discussions of any MARID
related issues. The spf-discuss reflector required participants to
first agree with the promotion of SPF. An insurmountable barrier for
some. : )
The SPF-discuss mailing list has never required you to agree with the
promotion of SPF. Promotion of SPF is one of the on-topic discussions
for the list, as is *constructive* discussions. There have been
*lots* of people who have talked about lots of different problems with
SPF on the SPF-discuss list. I've asked several times now if any of
the other list moderators have ever thrown anyone off, and so far we
can't come up with one case.
Doug, I've read a lot of your postings about SPF over the last several
years, and I can't say I can recall you ever trying to make a
*constructive* suggestion on how to improve SPF, other than to throw
it out. If the requirement that you need to be constructive has kept
you off the spf-discuss list, I can't say I'm sorry about it.
As far as the SPF DoS stuff goes, I was the first to really raise the
issue of the DoS potential of SPF back in 2003. The constructs that
you have mentioned in your I-D were analyzed by me before you first
wrote a post about SPF. The lack of sufficient process limits was one
of the major reasons why I split with Mark Lentczner on the
SPF-classic draft and started my own, which eventually became RFC4408.
I have discussed this at length on the SPF list. The difference
between you and me is that I offered *constructive* ways to change SPF
so that the DoS potential is greatly reduced.
I really think your huge exaggerations and running around like
chicken-little claiming that the sky will fall if SPF is adopted has
done more to hurt my push to take SPF DoS potentials seriously than
anything else. I've read your draft. Your numbers don't make sense.
You spend way too much time promoting yourself and ranting, and far
too little time actually presenting data.
It wasn't until your -01 version of your draft that you actually
presented hard data in your Appendix A. Your data doesn't back up
your 1000x claims.
As I said, I've done this analysis before. I actually *tried* to set
something up that would DoS Meng's box and tested it, but it turns out
that this is *MUCH* harder in practice than your theoretical
hand-waving analysis makes it seem. People *don't* have the MTAs set
up in stupid ways that make it easy.
I'm tired of your rants Doug. I'm tired of your rants making
reasonable discussions on this subject harder. And, yes, I realize
I'm probably burning a bridge here.
-wayne