"Wayne" == Wayne Schlitt
"Re: Re: 'explain' etiquette, or is this a security concern?"
Tue, 20 Apr 2004 11:24:59 -0500
Wayne> The explanation text is a way for domain owners to
Wayne> communicate with the users of their domain.
Wayne> Consider the case of an ISP in Elbonia, where the law says
Wayne> that they must present information in both Elboneese and
Wayne> Sanskrit. So, isp.eb could have an explanation of
Wayne> "Mungo/ark: http://isp.eb/why.html?..." On the why.html
Wayne> web page, it could present the information in the
Wayne> appropriate languages, explain isp.eb's AUP about using
Wayne> their domain name and give the users the ability to request
Wayne> exceptions and such.
Wayne> While such things are not critical to SPF, it sure is a
Wayne> very nice thing to have available.
Is this a solution looking for a problem?
Wayne> Again, the only people who will see the explanation text
Wayne> are spammers and such who have forged the domain name and
Wayne> legitimate users of the domain name that need to be given a
Wayne> clear explanation *to them* about the correct use of the
Wayne> domain name they are using.
And anyone else that can listen to what is on the wire.
What worthwhile purpose is served by introducing a new mechanism where
one is expected to transmit data that looks like it came from him when
it may have been spoofed by someone else? IMHO the potential use,
abuse, or gaming of such data should be well constrained by the
standard, or removed from the standard, but not left as an
implementation detail.
The surest way to prevent abuse of the mechanism is not to have it in
the protocol.
jam