spf-discuss
[Top] [All Lists]

So ... did Dewey beat Truman?

2004-08-04 21:05:52
Oh yes, the famous headline of the Chicago Tribune when
Dewey was supposed to have beaten President Truman in the
1948 Presidential election.

Why that subject line? Because of this article:

IETF Prepares to Forward Sender-ID
http://www.internetnews.com/xSP/article.php/3390221

The implication from the article, as a result of the author
interviewing Andy Newton, one of the co-chairs of this WG
was that Sender-ID had won and CSV had lost.

The only thing holding things up? According to the article,
a fight going on within MS whether to insist on a license
for Sender-ID or not.

However it seems based on quick notes released by the WG
chairs, the issue remains open.

Why do I say this? 

* The core draft protocol (aka Sender-ID) will now be
divided into two documents, core and PRA.

* In the meantime, MS has been given until August 23 (the
same date when last call starts) to file any IPR claims.

* The group can start discussing CSV.

And what about CSV? 

It might be helpful if Andy could clarify whether the
interview in the noted article is accurate, or did the
reporter mangle his remarks and draw the wrong conclusions. 

Why? Because the article leaves the impression the issue
has already been decided.

Instead, with the split of Marid core into two documents,
core and PRA, the community could enjoy the benefit of
doing:

* PRA checks meaning both SENDER FROM and FROM checks as
per PRA.

* SENDER FROM, MAIL FROM or EHELO checks all as per core.

(I appreciate some may balk at this, but bear with me.)

With the Marid protocol (SPF) being the design used for
senders to publish DNS records, this allows people to build
a receiving authentication model around any one of these
four options depending on their needs, without prejudicing
senders.

The benefits:

* It leaves MS free to claim a defensive patent on PRA and
require a license should it so decide. 

If MS decides to proceed in this direction, those
developers who are happy to sign a license can do so. Those
receivers who want to do full blown PRA checks can do so. 

* It allows the open source community free to develop and
implement an authentication model around SENDER FROM, MAIL
FROM and/or EHELO FROM. Those receivers who would prefer to
focus on the transportation stage for authentication can do
so. 

* This approach does not prejudice senders since the record
published using Marid protocol (SPF) can be used to support
any authentication chosen by the receiver.

* It allows the market to decide which approach to use
based on performance. 

* It allows testing to proceed.

* It does not prevent ISPs and business networks from
saying in essence, don't want your mail to be automatically
rejected, then by such and such a date you must have
published an SPF record or else we will automatically
reject. As to whether it is delivered or not, depends on
our policies.

* For marketing purposes call the whole thing Sender-ID to
expedite implementation (presuming this name is available
and not encumbered).

One thing. I am not trying to rehash old ground, or usurp
what was discussed and agreed upon at the WG meeting. If
the approach suggested is foreclosed by what was discussed
and agreed upon, so be it.

John Glube
Toronto, Canada

The FTC Calls For Sender Authentication
http://www.learnsteps4profit.com/dne.html

 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.729 / Virus Database: 484 - Release Date: 27/07/2004
 


<Prev in Thread] Current Thread [Next in Thread>