spf-discuss

RE: SPF: Not just a clever idea

2004-06-07 10:36:26
Greg Connor [gconnor(_at_)nekodojo(_dot_)org] wrote:
> You are right.  I imagined that people would have an emotional reaction
> to XML.  I did.  What I was surprised by is the number of people willing
> to act on their emotional reaction to it.

Most of the reaction actually consists of well founded technical
arguments.  Read the mailing list archives if you want to know about them.
If people start reacting emotionally, then it's probably because they are
tired of endlessly repeating these arguments without being listened to.

> I wonder if people feel that XML is really the deal-breaker.  If we
> could go back to MS and tell them XML is off the table, and still get an
> agreement, I wonder if people would support that?  Your concern about
> PRA is a valid one but perhaps by itself it wouldn't be a deal-breaker.

*I* think that the PRA thing is not just yet a deal-breaker.  It's
complicated and of dubious benefit, but with some amount of goodwill it is
acceptable.

The XML thing on the other hand is FUBAR (fucked up beyond all repair).

> Personally I really *like* the idea of providing freedom of choice to
> domain owners, but the downside is that MTA receivers *must* support
> both in order to really give domain owners a free choice.  There have
> been a lot of loud objections to XML, but how many of those come from
> MTA plug-in coders?  (I can tell where James stands, but I haven't heard
> from any other implementers that I know of.)

Well, my plug-in for the Courier MTA, Courier::Filter::Module::SPF[1], is
written in Perl, but I think that qualifies me as an MTA plug-in coder
nonetheless.

It's not just that XML support would have to be implemented once per MTA,
but that XML is too complicated, generally "the wrong tool for the
job"(TM) for various reasons, and even facilitates DoS attacks if the XML
parser is standards compliant (think external entities, for instance; see
the list archives for all this).

> For now, I am speaking my mind, and to some extent trusting Meng to do
> the right thing.  I encourage everyone to do the same.  There is no
> contract to sign, no deadline approaching... let's wait and see what
> happens.

No, I'm not willing to wait and see what happens, because Microsoft
actually *is* in a position to promote The New XML-based SPF, even if it's
technically unsound.  We need to provide a good alternative *now*.  SPFv1
is such a good alternative.