Dear ietf and dnsext,
I apologies for posting this ahead of the wg last call.
Over many years at attempting to change the course of the SPF process, this
effort appears to have been futile.
It seems many even feel the present spfbis document represents current
practices. It does not, from the perspective of macros.
I have written an I-D that I fully expect SPF proponents will denounce and so I
have left that wg alone.
Here is a draft written in hopes of placing these concerns into a broader
scope--
http://tools.ietf.org/html/draft-otis-ipv6-email-authent-00
Two references in this draft did not carry over in the same manner as in the
tcl script?
Until remedied, here are the links missing in this i-d:
[I-D.otis-spf-dos-exploit]
http://tools.ietf.org/html/draft-otis-spf-dos-exploit-01
[v6-BGP-Rpts]
http://bgp.potaroo.net/v6/as6447/
SPF can pose serious threats, that when confronted, few solutions are
available. I have been able to convince some of the larger providers of this
concern, who in returned offered assurances the macro extensions in their SPF
libraries are removed and in doing so have not seen any problems.
This is a serious effort at addressing a security concern, please read this
draft from that perspective.
Regards,
Douglas Otis