----- Original Message -----
From: "Greg Connor" <gconnor(_at_)nekodojo(_dot_)org>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Thursday, February 26, 2004 1:12 PM
Subject: Re: [spf-discuss] Possible SPF machine-domain loophole???
I guess we are going to have to agree to disagree on this. I didn't
design
it, so I can't say first-hand what the design goals were. The best
information I can refer to is Meng's statement that checking the HELO was
not one of the design goals when he designed it. In other words, I am
more
inclined to believe the designer himself than to believe your
interpretation of the document he wrote.
Every author has an original intention or "idea" but what he actually writes
down and what the world "reads" is ultimately what is going to be used.
The bottom line is what is written as that is what the world is going to go
by.
The fact is, in this regard there is no Interpretatation problem with draft.
In this regard, it is clear as night and day, hence there is a loophole when
you know all the facts - i.e, put it in practice. In my 25+ technical and
product design experience, I should know well enough what the hell I am
talking about. It is a damn shame that such a good technology already has
some "controversial" at such at early stage on the very basis nature it is
trying to protect - your local domain spoofing. I tried to be nice in
putting it lightly - allowing everyone else to see it for themselves. I
believe Meng now see its too.
Again, if you go by the specs, you have a loophole which means that every
SMTP author has to take extra provision to address this specific issue that
is not part of the specs. If you think this is "ok," well, thats the
difference between you and I and we should leave it at that.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com