spf-discuss
[Top] [All Lists]

Re: SPFv1 is already extensible

2004-05-31 15:54:21
On Mon, 31 May 2004, Meng Weng Wong wrote:

On Mon, May 31, 2004 at 02:43:46PM -0600, Michael R. Brumm wrote:
| 
| Excellent point! However, I'd like to make sure we aren't confusing
"flexibile" with "extensible". Are there (extended) mechanisms which cannot
be expressed as an 'exists' mechanism? I can't think of any, but then I'm a
bit out of it right now. 

It would be nice if the exists mechanism could somehow get ahold of the list
of RCPT TO addresses.

As cryptographic schemes gain popularity, we may want to add
"domainkeys:xxx" or "pgp" or "smime" mechanisms.

None of these has anything to do with getting a pass/fail/neutral/error/...
result for SPF.  None of the them can be evaluated before data.

Any extensions not related to authenticating MAIL FROM and RCPT TO should go
into a separate DNS namespace rooted in '_ep'.

If fact, maybe that is the best compromise.  SPF stays the ways it is
and is dedicated to 'before DATA' authentication.  CID/XML stay the
way they are and are dedicated to 'after DATA' authentication, with 
XML being well suited to extensions for domainkeys, etc.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.


<Prev in Thread] Current Thread [Next in Thread>