spf-discuss

Re: When did we lose control?

2004-10-21 12:17:14
John Glube wrote:

> The first additional question which needs to be raised is
> whether it is appropriate to ask Mark to re-submit his
> internet draft for further review by this group?

Yes, please.  The three typos and the two space resp. slash
issues are minor fixes.  The FAIL problem is also relatively
simple, we certainly can't have an "updates RfC 2821" (= the
MAIL FROM address literal problem) in an experimental RfC.

Besides, the text is shorter with a "single point of FAILure".

Wayne's "security considerations" and "processing limits"
proposals make sense (for me), but nobody else commented.

Maybe the consensus is that this is only an implementation
detail ?  I'd still prefer clear and simple limits, where the
author of a "validated" sender policy can be sure, that his
policy _should_ work with all conforming SPF implementations
(minus DNS problems).  That's not the case at the moment. :-(

No clear consensus wrt HELO tests, %h, default explanation,
and a Received-SPF header.  Whatever that means.  In Mark's
place I'd try to avoid at least the new IANA header registry.
Maybe it's not even working yet, or it needs months to get
started.

Ditto not much about the "validating evaluation" principle.  It
is IMHO a possible solution for many "common mistakes".  OTOH
it's a strict solution, stunts like removing %{h} or adding %!
are no longer possible, if unknown macrochars are syntax errors.
We'd need a new SPF version in such cases.

> * the discussion be moderated by a chair with the
> assistance of a technical panel; and,

So did you like the MARID experience ?  I did not.  We do have
a kind of "area-director" here, if Meng has had enough he can
pull the plug.  Or did you just volunteer as chair ?  If Mark,
Meng, James, Wayne, and William support you that should work.

> * prior to the submission of any revision, I urge this
> group to consider using the services of the "graybeards" to
> review the work.

I don't know such services, do you have an example ?  There's
this old saying about adding more manpower to a project that
is late.

> I believe a systematic approach using these methods will
> improve the ultimate work product.

s/will/can/ - not necessarily, as we have seen in MARID.

> * On the issue of "backward compatibility," Mark does not
> support allowing the use of v=spf1 records for PRA
> checking. Meng sees nothing wrong with allowing the use of
> v=spf1 records for PRA checking.

Meng is wrong.  We know many examples where Sender-ID doesn't
work as expected, let alone with raped v=spf1 policies.  All
these subtle problems like moderated newsgroups, Errors-To,
RfC 2476 MAYbe not, etc., and AFAIK nobody really tested this.

> The list consensus is that the community does not support a
> protocol which allows the use of v=spf1 records for PRA
> checking.
>
> This is expressed in Mark's Internet draft for Sender
> Policy Framework. See section 4.0. A third party may use a
> different algorithm for the check host function, as long as
> the result is the same. PRA checking will not give the same
> result.

ACK.  It's also in the old draft-mengwong and in draft-schlitt.

> Some people have expressed support for PRA checking, but
> the list consensus does not support a protocol for spf2
> which specifically supports PRA checking.

ACK.  William's eh= and similar proposals solve the problem
for those who need it.  Actually that can be done in a v=spf1
compatible way, new modifiers are possible.

> Is there a way out of the problem of developing a protocol
> for spf2, with Meng pulling in one direction and the
> community at large pulling in a different direction?

If William's idea is not good enough for this purpose, no.  If
Meng would accept William's v=spf1 compatible idea... <dream />

> The real issue is whether Meng is prepared to allow this
> work to proceed.

Obviously Meng didn't object to be listed as co-author in the
actual draft.  Maybe it's not about his permission, maybe he's
simply bound to remain silent.  But that doesn't affect Mark.

> * prior to the submission of any drafts, I urge this group
> to consider using the services of the "graybeards" to
> review the work.

You pasted the same piece of text twice.  IIRC it's a copy from
articles in MARID.  Where I didn't need any "graybeards" in a
group with internet legends like /mtr or D. Crocker.  Now it's
a different situation.  Maybe Hector has a gray beard, he's an
old FidoNet hound.
                    Bye, Frank