-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Chris
Haynes
Sent: Tuesday, October 26, 2004 3:53 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Re: New ideas for RFC2822 headers checking
with SPF
"Seth Goodman" asserted:
<snip>
This would all be a lot simpler if we could build two simple requirements
into any _future_ authentication standard that go beyond RFC2476:
1) The MSA MUST authenticate all users and MUST NOT accept
submissions from unauthenticated users.
2) The MSA MUST reject any message with an originator identity that the
MSA cannot ascertain the authenticated user has the rights to use.
In the last few days of MARID (which was a bad idea, since
everyone's attention
was by then on the politics, not on the technology) I proposed a scheme in
which:
1) The MSA included a marker in the 8221-phase declaring that it
_had_ done the
above checks,
2) SPF had a new modifier which declares:
- if the MSA 'sender-validated' marker is present then test
results for messages
eminating from that host may 'PASS', if that is what the rest of the policy
resolves to.
- If the 'sender-validated' marker is not present, then the test result is
limited to NEUTRAL at best (i.e. it acknowledges that unauthorised entities
could have used the address).
My concern was for those of us who have to use a shared outbound
MSA over which
we have no control.
Suppose my ISP were to declare a policy that it was henceforth
intending to do
just what Seth lists above.
If I publish a '+' against that ISP's servers (and don't have the
protection of
a scheme such as the one above), and they then:
- change their policy,
- mis-configure their servers,
- lost contact with the associated authorities database yet carry
on sending,
-etc, etc,
it is my '+' policy declaration which is compromised without my
knowledge or
ability to detect.
If the marker disappears from any particular message, the modifier
in my policy
would say "convert a '+' result into a '?'".
If people are interested I could re-post the detailed proposal
here. Actually it
would be a re-work of my original plan, as since then I've thought
of a better
way to aid migration.
Any interest?
Chris Haynes
I remember your proposal. Other than protection for transient authorization
failures (which I don't think are a significant risk), I don't recall seeing
a benifit to your proposal that couldn't be obtained by putting ? in front
of the mechanism. If you go Dig for my SPF record you will see that I've
done just that.
Unless I'm missing something significant, it seems like additional
complexity to little or no gain.
Could you publish the URL from the MARID archives for your original post?
Scott Kitterman