[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of
william(at)elan.net
On Wed, 3 Nov 2004, Hallam-Baker, Phillip wrote:
In this case they may actually be interested in technolog a
lot more then usual and in details of those technologies.
This is pretty rare of such government agencies.
Its unlikely that they would take that input in public.
If your objective here is to achieve some form of endorsement you
certainly do not want internal industry squabbles being
laundered in
public.
I have doubts they will provide official endorsement but who knows...
Most likely that what they would do is to tell US federal govt. offices to
implement. This sets a very big precedent.
The party line is that publishing SPF syntax records is safe, has
minimal operational impact on senders and brings significant
advantages.
That is exactly the problem - it is not safe with PRA
algorithm and has
possibility of significant operational impact (on senders
whose email is imroperly rejected)
Rubbish. This is not about FSF ideology, in the real world the spec works
fine from an engineering point of view.
Cryptographic authentication such as that proposed in IIM
and Domain
Keys provides significant additional advantages, particularlyfor
brands targetted by phishing but does have a significant
operational
impact
The meaning of word "impact" is important here. If you mean
that it requires more programming and changes to support such
technology, then it is true,
Sender-ID is a trivial commitment for most senders, not even a software
change. Cryptography requires a new server deployment, possibly crypt
acceleration hardware etc. Its not a major commitment but it is not
negligible.
But if it we take impact to mean how it effects senders as
impact on what of their emails get through or not, then
cryptography is better and safer and has less impact on email
infrastructure.
Cryptography is more likely to work through forwarders without problems.
and there is not currently a consensus industry specification,
although
this is rapidly converging.
Most of emails software used in the world is made by authors
of F/OSS and they are not part of what you might want to call "industry"
and are not involved in what you want to call a consensus.
F/OSS is part of the industry.
The OSS community as a whole does not lead, individuals who happen to be
members of the OSS community lead.
The
specification that they agree to implement are email RFCs
produced by IETF and so far IETF has not
been willing to be put in the position of political pawn for
some large
organizations who want people to implement their propriatary
solution.
I do not anticipate that the IETF will have a large say in the decision
making process in this instance. Nor does it appear that they want such a
role.
Phill