-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Meng Weng Wong wrote:
| So someone had the idea that we should have an Official
| Statement to release to the Media. Would anybody like to
| help iterate this? Let me know if I left anything out, and
| if people are reasonably comfortable with it we can put it
| out there on a web page or something.
I can effect this tomorrow with the other stuff I've already said I'd do.
| * * *
|
| While the disbanding came as a bit of a surprise, I now see
| why it was a necessary move. There were a number of
| proposals on the table; because there was little consensus
| that we should pick just one, the co-chairs decided to
| pretty much publish all the contenders as experimental
| proposals, and let them evolve and let the market decide.
|
| This actually makes sense. Why? Good standards are not
| unilaterally decided by committee and then announced for the
| world to adopt. Good standards evolve organically, and only
| after the world has already adopted them, does the IETF step
| in, formalize, and bless them.
|
| Spam was such an urgent problem that we thought we could
| take a gamble: we tried to short-cut the process. We
| thought, "wouldn't it be much more efficient if we could
| just tell everybody to do the right thing?" But we found
| that people had different ideas about what the right thing
| was.
|
| What I've learned from this is: there are many right things,
| and we'll probably end up doing more than just one. An
| elephant is like a wall, like a spear, like a snake, a tree,
| a fan, a rope. In the same way, sender authentication needs
| more than one approach: we need to authenticate the HELO
| hostname, the return path, and the headers, and besides that
| we'll also need crypto.
|
| So that's our plan. The SPF community will pick up the
| pieces and define a "Unified SPF" standard. Unified SPF is
| the whole elephant. It will work better than any one of the
| proposals alone, better even than SPF Classic. We went into
| MARID holding that banner, and we're coming out with a
| patchwork quilt.
|
| Picking just one authentication technique is like saying
| "henceforth, all gas stations shall sell only 89 octane."
| But the market wants 87, 89, 91 and diesel too. There's
| lots of room at the pump. What does the future hold? All
| of the above.
|
| Facts:
| an estimated half million domains have published SPF
| records.
|
http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200409/0746.html
|
| Major providers are checking SPF records; Microsoft has
| stated by Oct 1; GMail is already checking (you need to view
| full headers); and AOL has plans to convert its IP-based
| whitelists to SPF by the end of the year.
|
| The SPF community plans to take the existing records and
| squeeze as much use out of them as we can.
|
| Meanwhile, working with Microsoft on Sender ID, we have
| defined a spf2.0 specification which will be backward
| compatible with the spf1 records out there; and it will give
| senders in unusual situations greater expressiveness.
|
| So even though the IETF group is officially disbanded, the
| show will go on. MARID may be dead, but SPF is not.
| http://www.circleid.com/article/765_0_1_0_C
| http://www.circleid.com/article/742_0_1_0_C
|
| -------
| Sender Policy Framework: http://spf.pobox.com/
| Archives at http://archives.listbox.com/spf-discuss/current/
| http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta
features SPF and Sender ID.
| To unsubscribe, change your address, or temporarily deactivate your
subscription,
| please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
- --
Chuck Mead <csm(_at_)redhat(_dot_)com>
Instructor II (and resident Postfix bigot), GLS
Disclaimer: "It's Thursday and my name is Locutus of B0rk!"
Addendum: "Bwahahaha! Fire up the orbital mind-control lasers!"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBVFyUZfy0juH51WsRAhRXAKCa+btur9eNVPXld483GInjjlXDIgCcC4Sg
jCg74ji6l2dpqoIc8thcMmI=
=Ercl
-----END PGP SIGNATURE-----