spf-discuss

XML is the basis for a new M$ style security nightmare

2004-06-01 21:06:00
On Tue, 1 Jun 2004, Andy Bakun wrote:

> On Tue, 2004-06-01 at 15:46, Stuart D. Gathman wrote:
> > There is actually no need for any mechanism other than exists.  The other
> > mechanisms exist only as an optimization for common checks which can be
> > safely performed on the receiving MTA without consulting the sender domain.
>
> This is an excellent way to think of it, and perhaps the spf website
> should present it like this.  I think a lot of people think of exists as
> being the "hard way" -- you have to set up a custom DNS server, and all.
> If walking people through creating SPF records generated possible exists
> directives, and then showed how those can be converted to the
> "shorthand" directives that don't require a custom DNS server, this
> might help people see the simplicity.

Not only are the existing receiver side shortcut mechanisms redundant (though
useful), but every additional feature has the potential to compromise security
for mail receivers.  The Microsoft XML proposal, true to their track record, is
a mail security nightmare.  If it comes to pass, every MTA will be required to
fetch an arbitrary XML program from the sender, be it virus, spammer, evil
hacker, or occasionally a legitimate sender, and interpret it in an attempt
to determine whether the mail is in fact from a legitimate sender.

While initially less than Turing complete, this XML program is "extensible",
with an ever growing feature set.  Quickly, admins get tired of adding
the latest ever more complex code that big mail senders want all
receiving MTAs to run for them.  MicroSoft, proud as punch over their
patent on using XML to represent a Turing complete computing engine (like LISP,
only with '<>' and .NET semantics), offers the ultimate solution.

In SPFv6, the XML itself will carry the code the big mail senders want you to
run for them in your MTA.  All DNS clients and servers must now support TCP
queries to handle the 500K records common with SPFv6.  Thank goodness for
DNS caching, or the internet would collapse under the strain.  Evil hackers
will have a field day writing SPF viruses.  But MicroSun will say, "not to
worry, use Java.NET to sandbox your SPF interpreter.  We invented sandboxing."
But MicroSun MTAs will run Java.NET in the 'trusted' mode inherited from .NET
for better performance.  This lets evil (or are they?) hackers exploit buggy
code and the unchecked stack allocation enabled by 'trusted' mode.

The presence of this new breed of MTA virus goes unnoticed, except
for unexplained crashes here and there.  But they are agents for the
Rebellion, silently biding their time until the Revolution . . .

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
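The point made at the top of this thread, that ip4/a/mx are receiver-side shortcuts for a check that `exists:` can always express by asking the sender's DNS, is shown below as an added example. This is not code from the original post or from any SPF project; it is a small SPF evaluator with `exists` as the primitive, a simulated resolver whose zone data for example.com is constructed here (the 192.0.2.0/24 and 198.51.100.5 addresses, the `_spf.example.com` subtree and the `127.0.0.2` answer are all assumptions), and a comparison of a shorthand record against its exists-only equivalent. Only the `%{i}`, `%{s}`, `%{d}`, `%{l}` and `%{o}` macros and the ip4, a, mx, exists and all mechanisms are implemented.

```python
"""Added example (not from the original post): evaluate SPF with `exists` as the
primitive and show that ip4/a/mx are receiver-side optimisations of an
equivalent exists: check answered by the sender's DNS.  All DNS data below is
constructed in-process; nothing touches the network."""
import ipaddress

# Constructed static zone standing in for real DNS (assumption: example.com's
# MX is mail.example.com at 198.51.100.5).
ZONE = {
    ("A", "mail.example.com"): ["198.51.100.5"],
    ("MX", "example.com"): ["mail.example.com"],
}

# The "custom DNS server" the thread mentions: the sender's name server answers
# A queries for <ip>._spf.example.com dynamically, returning a record only when
# <ip> is an authorised sender.  The address set is an assumption.
AUTHORISED = [ipaddress.ip_network("192.0.2.0/24"),
              ipaddress.ip_network("198.51.100.5/32")]

def resolve(rrtype, name):
    """Simulated resolver: static ZONE plus the dynamic _spf.example.com subtree."""
    if rrtype == "A" and name.endswith("._spf.example.com"):
        label = name[: -len("._spf.example.com")]
        try:
            ip = ipaddress.ip_address(label)
        except ValueError:
            return []
        return ["127.0.0.2"] if any(ip in net for net in AUTHORISED) else []
    return ZONE.get((rrtype, name), [])

def expand(spec, ip, sender, domain):
    """Minimal SPF macro expansion: %{i} %{s} %{d} %{l} %{o} (no transformers)."""
    local, _, sender_dom = sender.partition("@")
    table = {"i": str(ip), "s": sender, "d": domain, "l": local, "o": sender_dom}
    out, i = [], 0
    while i < len(spec):
        if spec.startswith("%{", i):
            j = spec.index("}", i)
            out.append(table[spec[i + 2]])
            i = j + 1
        else:
            out.append(spec[i])
            i += 1
    return "".join(out)

def check(record, ip, sender, domain):
    """Evaluate an SPF record; return 'pass', 'fail', 'softfail' or 'neutral'."""
    ip = ipaddress.ip_address(ip)
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:            # skip the v=spf1 version tag
        qual = term[0] if term[0] in "+-~?" else "+"
        term = term.lstrip("+-~?")
        mech, _, arg = term.partition(":")
        if mech == "all":
            matched = True
        elif mech == "ip4":                     # checked locally, no DNS
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":                       # one A lookup
            matched = str(ip) in resolve("A", arg or domain)
        elif mech == "mx":                      # MX lookup, then A per host
            matched = any(str(ip) in resolve("A", host)
                          for host in resolve("MX", arg or domain))
        elif mech == "exists":                  # sender's DNS decides
            matched = bool(resolve("A", expand(arg, ip, sender, domain)))
        else:
            raise ValueError("unsupported mechanism " + mech)
        if matched:
            return results[qual]
    return "neutral"                            # no mechanism matched

SHORTHAND = "v=spf1 ip4:192.0.2.0/24 mx -all"
EXISTS_ONLY = "v=spf1 exists:%{i}._spf.%{d} -all"

def compare(ip):
    """Return (shorthand result, exists-only result) for a connecting IP."""
    return (check(SHORTHAND, ip, "alice@example.com", "example.com"),
            check(EXISTS_ONLY, ip, "alice@example.com", "example.com"))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.5", "203.0.113.7"):
        print(ip, compare(ip))
```

Run as-is it prints the same verdict from both records for each address: the shorthand record decides on the receiving MTA with at most two lookups, while the exists-only record sends one query per connection to the sender's server and trusts whatever it answers. That is the trade-off the thread is pointing at: the shortcuts save a round trip and keep the decision on the receiver, but they are not adding expressive power.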