John Glube wrote:
* On the issue of "backward compatibility," Mark does not
support allowing the use of v=spf1 records for PRA
checking. Meng sees nothing wrong with allowing the use of
v=spf1 records for PRA checking.
--Frank Ellermann <nobody(_at_)xyzzy(_dot_)claranet(_dot_)de> wrote:
Meng is wrong. We know many examples where Sender-ID doesn't
work as expected, let alone with raped v=spf1 policies. All
these subtle problems like moderated newsgroups, Errors-To,
RfC 2476 MAYbe not, etc., and AFAIK nobody really tested this.
Seriously, folks, could we move a draft forward without having to worry
about what MS is doing, or even what Meng is doing?
Nowhere in any of the drafts does it say "MS may use it". If it really is
an OPEN protocol, then anyone is free to use it for whatever he wants, even
for solutions that work badly. If we try to codify who can use it and who
can't, we will end up losing our openness, which has always been our strong
suit. Ironically, that would make us more MS-like, not less.
I don't see Meng doing anything to hamper development. What I do see is
endless whining about whether he should or shouldn't talk to MS, when that
has nothing at all to do with the draft.
The list consensus is that the community does not support a
protocol which allows the use of v=spf1 records for PRA
checking.
This is expressed in Mark's Internet draft for Sender
Policy Framework. See section 4.0. A third party may use a
different algorithm for the check host function, as long as
the result is the same. PRA checking will not give the same
result.
ACK. It's also in the old draft-mengwong and in draft-schlitt.
I don't think this is correct. PRA is a different input to the check host
function, not a different algorithm.
Anyway, who really cares if people use it for something other than checking
MAIL FROM? They do so at their own risk.
Some people have expressed support for PRA checking, but
the list consensus does not support a protocol for spf2
which specifically supports PRA checking.
ACK. William's eh= and similar proposals solve the problem
for those who need it. Actually that can be done in a v=spf1
compatible way, new modifiers are possible.
Is there a way out of the problem of developing a protocol
for spf2, with Meng pulling in one direction and the
community at large pulling in a different direction?
If Wiliam's idea is not good enough for this purpose, no. If
Meng would accept William's v=spf1 compatible idea... <dream />
I have some ideas... I think SPF2 could be made more flexible to accomodate
checking other identities. I will reply to that other thread with some
thoughts.
The real issue is whether Meng is prepared to allow this
work to proceed.
Obviously Meng didn't object to be listed as co-author in the
actual draft. Maybe it's not about his permission, maybe he's
simply bound to remain silent. But that doesn't affect Mark.
Again, I don't think Meng is in a position to stop SPF (classic or spf2)
from going forward. Everyone is reacting to Meng like he kicked the cat.
Let's move forward.
gregc
--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>