spf-discuss
[Top] [All Lists]

RE: Re: change of version string

2004-08-05 21:28:52
Mark,

In response to the answers you gave to me concerning
the change of version string, Wayne wrote as follows:

"I strongly disagree that that the MARID working
group did not show any serious interested in a "unified"
approach.

First off, the Unified-SPF specs were barely discussed on
MARID list because, from what I can tell, preasure from
Microsoft.  Secondly, the 2821 checks were not abandoned,
but delayed until after the 2822 PRA checks were finished.
These 2821 checks are coming back in the form of CSV
(etc.), but there is no reason not to push for the
Unified-SPF approach at the same time.  

When you say "It isn't clear to the group as a whole ..."
are you speaking as a co-chair?  If so, your comments seem
to conflict with the words of the other co-chairs in their
interim meeting minutes.

Even in the last jabber session before IETF-60, the
continued support for SPF-classic brought up.  I know that
both you and Meng think that the entire SPF community will
follow along and switch to the PRA and MARID, but I don't
believe it for a second.  

Your own study of the PRA showed that it had a much higher
error rate than SPF and as tiny as your study was, it is
the largest todate.  There simply has been almost no
testing of the PRA and little reason to trust it.

<snip>

Yeah, I'm not that happy to see you abandoning something
that works for something that doesn't and then trying to
convince people here that the IETF won't consider
Unified-SPF." 

Given this response, I must ask what the heck is going on?

It would also be helpful to get answers on the following
questions, although they may be outside of your purview:

* If the new draft will not reference SMTP MAIL FROM checks
but only PRA checks, on what basis can the open source
community continue to be involved?

The MARID WG co-chair, Andy Newton previously indicated in
response to my question on August 3, 2004 that it is reasonable
to presume MS is claiming IPR in Sender-ID and one needs to sign
a license with MS to continue with development involving
Sender-ID?

I appreciate that with the split of core and PRA this may raise
the issue again and MS has until the August 23 to revise its
position.

But until that happens, how can any development work be
done in support of the either the existing or new drafts,
given the clearly stated intention to drop all references
to SMTP MAIL FROM checks without signing an MS license?

I suggest guidance is required for all those involved with
ongoing development.

John Glube
Toronto, Canada

The FTC Calls For Sender Authentication
http://www.learnsteps4profit.com/dne.html 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.734 / Virus Database: 488 - Release Date: 04/08/2004