"wayne" <wayne(_at_)schlitt(_dot_)net> replied:
In <083001c555da$80f30990$0600000a(_at_)john> "Chris Haynes"
<chris(_at_)harvington(_dot_)org(_dot_)uk> writes:
The MARID process proposed the use of the identical SPF record syntax
against different entities - the 'PRA', but with that intent recorded
by using a 'spf/2.0' prefix to the record.
Yes, but the I-Ds that the MARID folks submitted now says that spf/2.0
records are optional and v=spf1 records can be used for the PRA
scope.
As the IETF is an engineering-driven organization, the following
wording SHOULD be acceptable to them and, if respected by other
experiments, would meet the concerns of the SPF community:
--------------
Checking other identities against SPF records prefixed by 'v=spf1' is
NOT RECOMMENDED because there are cases that are known to give
incorrect results
---------
As mentioned elsewhere on spf-discuss recently, this sentence has
grown to be a paragraph that currently says:
Without explicit approval of the record owner, checking other
identities against SPF version 1 records is NOT RECOMMENDED
because there are cases that are known to give incorrect
results. For example, most mailing lists rewrite the "MAIL
FROM" identity (see <xref target="mailing-lists"/>), but
some do not change any other identities in the message. The
scenario described in <xref target="forwarding"/>.1.2 is
another example. Documents that define other identities
should define the method for explicit approval.
The essential change is the addition of the words "prefixed by 'v=spf1' ".
Well, I currently say "SPF version 1 records", which I think is
clearer, but yeah, something like that.
IMHO, this meets our concerns, but leaves those running the 'other
experiment' free to continue - so long as they use the different
prefix they proposed during MARID.
But that's the problem. Not only didn't the MARID folks follow
directions, but Meng is making the claim that SPF-classic won't become
an RFC if we have anything like the above paragraph in the SPF-classic
draft. Meng even said that MS is "cooperating" with us because they
haven't submitted their own SPF draft to be used instead of
draft-schlitt-spf-classic-00.
-wayne
If it were me, I would keep the two issues (what our spec. says and what other
parties are actually doing) as separate as possible.
Let's retain the engineering / moral high ground by remaining factual and
rational. Let's also assume that the IETF is not entirely synonymous with any
particular commercial organization, and give it 'the benefit of the doubt' as to
whether it will or will not permit one 'experiment' to abuse another.
The current versions of the wording ('SPF version 1") - as you quote above -
ought to suffice. Let's get _the fact_ that different entity tests can give
results unintended by the publishers of the records established and accepted
first.
If the facts are not denied, we are then in a _much_ stronger position to deal
with the politics.
Chris Haynes