spf-discuss
[Top] [All Lists]

RE: Council: The Meeting on 2005-02-29

2005-02-24 12:10:52
Phillip Hallam-Baker wrote:
  * HELO checking:  Everyone agreed that HELO checking should be kept
    in the SPFv1 specification, and nobody made a motion to repeal the
    existing resolution[11].

I don't know why Microsoft is objecting to this, have we got any
details?

I'll let Meng answer this one.

Julian added that within the field of content-bound (as opposed to
transport-bound) authentication methods, he actually preferred
full-blown message cryptography methods such as PGP and S/MIME.

S/MIME and PGP both have serious problems when it comes to ubiquitous
use. Eudora reacts baddly to S/MIME and PGP mail unless it has the
right plug in. Older AOL software gives spurious warnings, it's a mess.

That is no argument against S/MIME or PGP, but only against the use of
Eudora and older AOL software as tools in an e-mail world that wants to be
secure.

Also, he and Wayne voiced some reservations against the equivalent use
of transport-bound and content-bound methods (i.e. SPF and IIM/DK) to
compensate for the shortcomings of each, and they promised to
elaborate on the spf-discuss mailing list.

They are not equivalent, that is part of the point, the systems fail in
different ways.

I did not say SPF and IIM/DK were equivalent, please read thoroughly what
I wrote.  Of course I am fully aware of their differences.  I called equal
treatment of the results of SPF and IIM/DK checks an "equivalent use of
[SPF and IIM/DK]".  This is exactly my point: SPF and IIM/DK are not
equivalent, so their results should not be treated equivalently without
thought and full awareness of the consequences.

No, I am not fully aware of the consequences myself yet.


<Prev in Thread] Current Thread [Next in Thread>