spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Council: Weekly Meeting on 2005-01-15

2005-01-16 10:29:20
from [Julian Mehnle] [Permanent Link] 
The Weekly Council Meeting on 2005-01-15
----------------------------------------

On Saturday 2005-01-15 at 19:15 UTC, the council held its weekly meeting
on IRC[1].  There was a pre-planned agenda[2].  Chuck, Julian, Mark, and
Wayne were present; Meng was absent.

As usual, the first item was the Chairman's report.  Chuck reported that
he had been working on a "Sender-ID" position statement, which he had
wanted to finish the prior week but had not managed to do so due to being
short of time, and that his statement would include a gentle discussion
of PRA.  He also signaled that he would make an elaborate proposal to the
AMSG committee[3] by Monday.  Chuck also admitted that he had not managed
to continue working on the press release regarding the official IETF
submission of the SPF specification draft.

Meng was not present, so the Executive Director's report once again had to
be skipped.

As the next item, Julian suggested that simple weekly statistics[4]
(including the number of messages and the number of distinct topics) for
the private council mailing list[5] be published in order for the
community to gain an idea of how much private discussion was taking place
within the council.  The suggestion was unanimously accepted.  Wayne
offered to take care of the implementation.

Following that, several aspects of the SPF specification and the standar-
dization process were discussed:

  * Wayne reported that within the IETF, the draft-schlitt-spf-classic-00[6]
    specification draft had been conveyed to the Directorate for DNS and
    Email Authentication (DEA), which is working in private by IETF
    standard policy.  The DEA would contact the drafts's authors, Meng and
    Wayne, for any questions and comments.  Wayne also stated that he had
    informed all relevant IETF working groups about the draft and that the
    DNS groups had raised objections, mostly regarding the zone cut
    default mechanism, but the e-mail working groups had not expressed any
    disfavor.  Wayne said that was working hard on another iteration of
    the draft.

  * Julian wanted to know what needed to be done in order to get the new
    SPF DNS record type allocated by IANA.  Wayne explained that the
    allocation would happen as part of the process of the SPF Internet
    Draft (I-D) becoming a Request For Comments (RFC).  Julian suggested
    that after the allocation happened, the individual producers of DNS
    server software would have to be contacted and asked to implement the
    new record type.

  * Concerning the Authentication-Results: header[7], Julian declared that
    he was strongly leaning towards making use of it for the SPF
    specification as the long-term successor of the custom Received-SPF:
    header, so as to avoid actively promoting two distinct headers with
    distinct formats.  Wayne and Mark concurred in that this was not a
    priority, but Wayne acknowledged that a jointly standardized header in
    consultation of the other sender authentication technologies'
    designers would be valuable.  Thus Julian solicited comments on the
    problems of the current Authentication-Results: specification[7] with
    regard to SPF and promised to talk to the header's designers about it.

  * Julian noted that he wished for a clearer vision of HELO checking[8]
    in the SPF specification.  He explained that since RFC 2821 already
    authoritatively required the HELO identity to be a valid FQDN, it were
    only consequential to at least clearly recommended ("SHOULD") HELO
    checking instead of merely suggesting it ("MAY").  Mark and Wayne
    showed basic consent with this assessment, so Julian offered to submit
    a precise modification proposal for the draft.  On a slightly
    different matter, after it became clear that Julian did not want to
    contradict RFC 2821 by suggesting -- in order to avoid the need for an
    additional SPF record -- that MTAs say "HELO domain" instead of
    "HELO mx.domain" whenever domain and mx.domain denote the same host,
    this issue was quickly found to be uncontroversial.

The next issue was how the project should deal with FUD[9] and
misinformation about SPF by Yahoo[10].  Wayne suggested that if Yahoo kept
spreading such FUD the project should contact them and talk to them about
it, and that otherwise they should just be ignored.  Mark and Julian
agreed that continued misinformation were indeed unacceptable.  After some
discussion, it was unanimously decided that a counterstatement to frequent
FUD regarding SPF be created[11].

As the last planned item, Julian brought up the outdatedness of the SPF
reference implementation[12] (Mail::SPF::Query[13]) and the test
suite[14].  It was commonly agreed on that at least either a good
reference implementation or a good test suite was required in the mid-
term.  Wayne preferred the former while Julian preferred the latter, but
no one dismissed the value of either.  After some further discussion it
was unanimously decided that both should be worked on[15] with medium
priority.  Chuck wanted confirmation that if the reference implementation
was supposed to be production-grade software, it should -- like all
production-grade software managed by the project -- be packaged in a most
usable manner.  No one disagreed with that, but it was clarified that the
reference implementation was primarily supposed to serve as sample code to
supplement the SPF specification.

Finally, Julian noted that he planned to conduct a community-wide test
vote using the Condorcet Internet Voting Service (CIVS)[16], possibly also
conducting the same vote using John Pinkerton's apportioned approval
voting system[17] in parallel, to evaluate the available options for
community-wide votes and council elections.

The meeting was then concluded at 21:05 UTC.

Julian Mehnle,
SPF Council Secretary.

References:
 1. http://www.schlitt.net/spf/spf-council/2005/01/15_irc_log.html#20050115T1914
 2. http://moongroup.com/pipermail/spf-council/2005-January/000132.html
 3. http://spf.mehnle.net/Council_Resolution/9
 4. http://spf.mehnle.net/Council_Resolution/18
 5. http://spf.mehnle.net/Council_Information_Resources
 6. http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-00.txt
 7. 
http://www.ietf.org/internet-drafts/draft-kucherawy-sender-auth-header-00.txt
 8. 
http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200501/0032.html
 9. http://en.wikipedia.org/wiki/FUD
10. 
https://antiphishing.kavi.com/events/Conference_Notes/sender_auth_myths_and_domainkeys.pdf
11. http://spf.mehnle.net/Council_Resolution/19
12. http://spf.pobox.com/downloads.html#spfquery
13. http://search.cpan.org/dist/Mail-SPF-Query
14. http://www.schlitt.net/spf/tests/
15. http://spf.mehnle.net/Council_Resolution/20
16. http://www5.cs.cornell.edu/~andru/civs
17. http://spfvote.idimo.com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Council: Weekly Meeting on 2005-01-15, Julian Mehnle <=
Previous by Date:  RE: SPF icon, william(at)elan.net
Next by Date:  RE: SPF icon, Stephen Pollei
Previous by Thread:  Contact us text on spf.pobox.com, Koen Martens
Next by Thread:  Off-topic: mydnsbl (my "too many failures BL") moving from investigation to testing, Greg Connor
Indexes:  [Date] [Thread] [Top] [All Lists]