Re: Sender ID and Return Path2004-08-25 06:59:19On Aug 24, 2004, at 07:11, Meng Weng Wong wrote: I have a feeling that Sender ID will proceed with an Meng & Co., I would like to encourage SPFs continued focus upon mail-from protection. Sender-ID will live or die on its own. The one thing I think we should do to change it though is limit the number of DNS redirections/chain of queries. Following a chain of 10 redirections does open the SPF technique up to a denial of service attack. While I am not a security expert, I would recommend that the chain be limited to 3 or 4 queries. For those of you concerned about Microsoft IPR bleeding over on to the SPF techniques, I think you should read carefully the Microsoft IPR disclosure, I quote from Harry Katz's note: C. If an Internet-Draft or RFC includes multiple parts and it is not Note that Mr. Katz lists the patent application as covering the two Sender-ID specs "in combination". This means to me that the patent covers the use of both the PRA algorithm and the transmission time IP address checking. SPF does not use PRA. Transmission time IP address checking is extremely well established prior art by the DNSBL operators. The nub of the novel, non-obvious process required to grant a patent is using both techniques together. In summary, SPF in its current form is needed. Whether SPF needs to be "unified" is a discussion we should undertake on this list. Best Regards, Andrew ____________________________________ Andrew W. Donoho awd(_at_)DDG(_dot_)com, PGP Key ID: 0x81D0F250 +1 (512) 453-6652 (o), +1 (512) 750-7596 (m)
|
|