On Mon, 2004-11-22 at 23:20 +0000, Chris Haynes wrote:
"Meng Weng Wong" reported:
I think this is a totally unacceptable statement to put on the official SPF
list. With no caveats or warnings, the inference is that "SPF" (whatever or
whoever that is) tolerates or even supports this (ab)use of SPF by Microsoft.
I'm pretty sure the majority view here is cautious about or hostile to
Microsoft's actions.
And BTW, have Microsoft themselves actually gone public about Sender-ID being
an
MUA test? I know Meng has forecast this, and I know many of us (and those on
MARID) have suspected that this logically has to be their ultimate intent,
but I
thought the understanding here (reiterated in another post by someone earlier
today) was that MS had not yet publicly positioned Sender ID as an MUA test.
You wouldn't believe the crap they are spewing. As a participant of the
Canadian Task Force on Spam, we've been reviewing a document soon to be
published full of "Best Practises" suggestions to be handed down to
Canadian ISP's and other related businesses and I've personally (and
officially this morning successfully!) lobbied for appropriate wording
in this document. During this process I received the following response
from John Weigelt, Chief Securit Advisor of MS Canada:
As is indicated below, the IETF terminated the MARID group before
adopting standard and as a result the Sender-ID specs have been
submitted as an experimental RFC. While the title might not indicate
a high level of technical maturity, the Sender ID specs are now fairly
stable and did receive community review.
I think it is important to note that both experimental RFCs
and draft standards have seen widespread adoption. As a result I
believe that there is merit in retaining the Sender ID references in
the document, with the correction noting the SPF and CallerID
heritage.
Don't you just LOVE the fairy tale?! WIDESPREAD ADOPTION? Who are they
kidding?!
SPF (however 'modified') is not intended for MUA use and would have a basic
security flaw:- the MUA has no trusted way of knowing the IP address from
which
the eMail was sent. [At least not without something like an additional,
crypto
supported MTA-to-MUA protocol - which I wrote about in detail during the MARID
process].
Quite frankly, I feel that obviously-controversial changes like this to SPF's
'official' positioning should not be issued until the new gang-of-five has
been
elected; they should be deciding these policy-related matters.
I believe this paragraph of the message should be withdrawn immediately.
As do I.
I second your disgust.
SenderID is crap. And its ___WAY_MORE_FUCKING_BROKEN_THAN_SPF___ and
its got a hole entourage of IPR issues to boot. Seeing such a message
worries me as to just how much influence MS is able to exercise over
Meng, or worse, that he sees SenderID as an actual future. Thats almost
laughable.
I anxiously await a move away from this list, the "official" SPF
website, and anything to do with it whatsoever. I don't think I've ever
felt like I've wasted more time on a project than perhaps I have with
SPF, and I say wasted because thats precisely what I mean. We could be
so much farther ahead were it not for the absolute farce of a "merger"
we had forced upon us.
Cheers,
James
--
James Couzens,
Programmer
^ ( ( (
((__)) __\|/__ __|+|__ '. ___ .'
(00) (o o) (0~0) ' (> <) '
---nn-(o__o)-nn---ooO--(_)--Ooo--ooO--(_)--Ooo---ooO--(_)--Ooo---
http://libspf.org -- ANSI C Sender Policy Framework library
http://libsrs.org -- ANSI C Sender Rewriting Scheme library
-----------------------------------------------------------------
PGP: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x7A7C7DCF
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta features
SPF and Sender ID.
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
signature.asc
Description: This is a digitally signed message part