spf-discuss
[Top] [All Lists]

Re: MS press release hypes SenderID

2005-03-04 05:42:44
Nico Kadel-Garcia wrote:

Maybe the primary inventor of SPF

You're not talking about Hadmut Danisch by chance ?

allowed Microsoft to adopt the mantle of SPF

No, you're talking about Meng, coauthor of both

draft-schlitt-spf-classic-00.txt
draft-lyon-senderid-core-00.txt

That's a confused young man, in the first paper he writes:

 [MAIL FROM identity]
| Checking other identities against SPF records is NOT
| RECOMMENDED because there are cases that are known to give
| incorrect results.

In the second memo he remarks:

| In order to provide backward compatibility for these domains,
| Sender ID implementations SHOULD interpret the version prefix
| "v=spf1" as equivalent to "spf2.0/mfrom,pra", provided no
| record starting with "spf2.0" exists.

This is a direct conflict, it's strictly impossible to follow
both recommendations at the same time.  Whatever the IESG
ballot means, it ended 6:3 for the first text (SPF) and 5:4
for the second text:

https://datatracker.ietf.org/public/pidtracker.cgi?command=print_ballot&ballot_id=1573&filename=draft-lyon-senderid-core

If that's the end result.  I've no idea how this stuff works.

Meng, it's time to step up and say "no, SenderID is not SPF
and never will be".

As far as I'm concerned Sender-ID PRA can be one protocol in a
"sender policy framework" identified by spf2.0/pra, and if the
SPF Council authorizes this spf2.0/mfrom could be just another
protocol in the same spf2.0 framework.  The latter could be
even backwards compatible with v=spf1.  And a hypothetical
spf2.0/helo might be also backwards compatible with v=spf1.

But spf2.0/pra is not backwards compatible, and never will be.

                      Bye, Frank