Phillip Hallam-Baker wrote:
* HELO checking: Everyone agreed that HELO checking should be kept
in the SPFv1 specification, and nobody made a motion to repeal the
existing resolution[11].
I don't know why Microsoft is objecting to this, have we got any
details?
I'll let Meng answer this one.
Julian added that within the field of content-bound (as opposed to
transport-bound) authentication methods, he actually preferred
full-blown message cryptography methods such as PGP and S/MIME.
S/MIME and PGP both have serious problems when it comes to ubiquitous
use. Eudora reacts baddly to S/MIME and PGP mail unless it has the
right plug in. Older AOL software gives spurious warnings, it's a mess.
That is no argument against S/MIME or PGP, but only against the use of
Eudora and older AOL software as tools in an e-mail world that wants to be
secure.
Also, he and Wayne voiced some reservations against the equivalent use
of transport-bound and content-bound methods (i.e. SPF and IIM/DK) to
compensate for the shortcomings of each, and they promised to
elaborate on the spf-discuss mailing list.
They are not equivalent, that is part of the point, the systems fail in
different ways.
I did not say SPF and IIM/DK were equivalent, please read thoroughly what
I wrote. Of course I am fully aware of their differences. I called equal
treatment of the results of SPF and IIM/DK checks an "equivalent use of
[SPF and IIM/DK]". This is exactly my point: SPF and IIM/DK are not
equivalent, so their results should not be treated equivalently without
thought and full awareness of the consequences.
No, I am not fully aware of the consequences myself yet.