Posting as the responsible AD for the document in question.
On 9/18/13 1:20 PM, Douglas Otis wrote:
> Since this was not understood, I'll attempt to clarify. An effort to keep
> these conversations fairly concise seems to lead to a level of confusion with
> those not familiar with DNS.

I'm afraid I'm going to have to end this thread here and now. The
problem is not that Doug has tried to keep his explanations concise, or
that people are not familiar with the DNS and therefore confused. The
latter may or may not be true, but the problem here is precisely that
Doug has failed to keep things concise and on point. This is not meant
as an insult to Doug, and I apologize to him publicly just in case he
feels offended. It is simply the fact that he is unable to clearly and
concisely explain to others the security problem he believes exists in
this protocol. For example:
> SPFbis macros inhibit normal caching protections by imposing mechanisms not
> directly supported by DNS and having targets constructed from email message
> components.

Doug never explains in this sentence *what* the mechanisms are the
SPFbis macros are using, he never explains *in what way* those
mechanisms are not supported by the DNS, he never explains *how* use of
these mechanisms inhibits caching, and never gives an example of *how*
the targets (I presume attack targets) are constructed.
After a long conversation with Doug, I *think* I may understand what
he's raising. I *suspect* the issue could be addressed by a sentence or
two added to 11.5.3 or, more likely, to the third and fourth bullet of
11.1. But I'm not sure, and even after that long conversation, I was
unable to get a clean explanation of the problem or reasonable text for
a solution.
So, barring further information, I am simply forced to say that Doug is
going to be in the rough part of the consensus. If someone else thinks
they will be able to clearly and concisely characterize the problem and
propose some text, I welcome such suggestions, though I ask that you
communicate first with the SPFBIS chairs and/or myself to make sure that
we all understand the specifics. We are far past the point of
diminishing returns now, and I do not wish further disruption to either
the IETF list or the SPFBIS list on this topic.
Again, I intend no insult to Doug, and I again apologize to him for
having to take this step publicly. I hope, if there is a problem here
that needs to be noted, that Doug can work with someone else so that we
can improve the document.
Thanks.
pr
--
Pete Resnick<http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478