At 03:59 PM 5/18/2005 -0400, Michael Hammer wrote:
On 5/18/05, william(at)elan.net <william(_at_)elan(_dot_)net> wrote:
>
> http://emailauthentication.org/summit2005/agenda.html
>
> This meeting has a lot of items in agenda on SPF but it seems to be
> controlled by "industry" in particular DMA, Microsoft and their friends
> are over-represented there and I suspect they will be talking about SID.
>
Actually, I believe they will be talking about SID as encompassing
SPF. There was a presentation at Information Security Decisions
(Chicago, May 8-10) where the presenter spoke of SID as the "successor
to SPF". I waved my hand and pointed out the Councils statement,
pointed out the potential for problems where PRA is applied to SPF1
records and suggested that anyone interested should check out the
SPF-DISCUSS list.
Personally I think the Council should step forward and force the issue
with the organizers of this conference. If the Council cannot control
their own standard then it isn't much of a standard. The fact that a
member of the Council will be there and NOT addressing the issues per
the stance of the SPF Council and SPF Community is a shame.
Seems like a futile battle to me. The best you can do is hold them back
for another year. If they really are abusing SPF1 records, the best way to
make that clear to the world is rapid deployment. Don't give them any more
time to patch their product until nobody can tell what it is, but it is
actually SPF1 in disguise. :>)
The best thing we can do right now is establish a simple protocol within
which all methods can operate, and the rest of the industry, not involved
in this competition, can move forward. I'm talking about simple things
like how the sender should declare its identity ( *how*, not *what*
identity ). Until there is at least a de-facto standard on this and a few
other simple items, there will not be widespread use of authentication,
domain-rating services will not emerge, and we will never get to the point
where every domain wanting to operate a Public Mail Server feels the need
to authenticate.
I've written a few proposals, and I'm ready to submit one (the Identity
declaration) to the IETF. Anyone wanting to help is welcome. I'm
particularly interested in avoiding anything that will make it difficult
for SPF to adapt.
The Sender's Declaration of Identity proposal can be found at
purl.net/macquigg/email draft-macquigg-authent-declare in various formats
(txt, htm, rtf). There is also a discussion on ietf-smtp.
--
Dave
************************************************************ *
* David MacQuigg, PhD email: dmquigg-spf at yahoo.com * *
* IC Design Engineer phone: USA 520-721-4583 * * *
* Analog Design Methodologies * * *
* 9320 East Mikelyn Lane * * *
* VRS Consulting, P.C. Tucson, Arizona 85710 *
************************************************************ *