spf-discuss
[Top] [All Lists]

Inter-operability protocol

2005-05-18 18:02:31
At 03:59 PM 5/18/2005 -0400, Michael Hammer wrote:

On 5/18/05, william(at)elan.net <william(_at_)elan(_dot_)net> wrote:
>
> http://emailauthentication.org/summit2005/agenda.html
>
> This meeting has a lot of items in agenda on SPF but it seems to be
> controlled by "industry" in particular DMA, Microsoft and their friends
> are over-represented there and I suspect they will be talking about SID.
>

Actually, I believe they will be talking about SID as encompassing
SPF. There was a presentation at Information Security Decisions
(Chicago, May 8-10) where the presenter spoke of SID as the "successor
to SPF". I waved my hand and pointed out the Councils statement,
pointed out the potential for problems where PRA is applied to SPF1
records and suggested that anyone interested should check out the
SPF-DISCUSS list.

Personally I think the Council should step forward and force the issue
with the organizers of this conference. If the Council cannot control
their own standard then it isn't much of a standard. The fact that a
member of the Council will be there and NOT addressing the issues per
the stance of the SPF Council and SPF Community is a shame.

Seems like a futile battle to me. The best you can do is hold them back for another year. If they really are abusing SPF1 records, the best way to make that clear to the world is rapid deployment. Don't give them any more time to patch their product until nobody can tell what it is, but it is actually SPF1 in disguise. :>)

The best thing we can do right now is establish a simple protocol within which all methods can operate, and the rest of the industry, not involved in this competition, can move forward. I'm talking about simple things like how the sender should declare its identity ( *how*, not *what* identity ). Until there is at least a de-facto standard on this and a few other simple items, there will not be widespread use of authentication, domain-rating services will not emerge, and we will never get to the point where every domain wanting to operate a Public Mail Server feels the need to authenticate.

I've written a few proposals, and I'm ready to submit one (the Identity declaration) to the IETF. Anyone wanting to help is welcome. I'm particularly interested in avoiding anything that will make it difficult for SPF to adapt.

The Sender's Declaration of Identity proposal can be found at purl.net/macquigg/email draft-macquigg-authent-declare in various formats (txt, htm, rtf). There is also a discussion on ietf-smtp.

--
Dave
************************************************************     *
* David MacQuigg, PhD      email:  dmquigg-spf at yahoo.com      *  *
* IC Design Engineer            phone:  USA 520-721-4583      *  *  *
* Analog Design Methodologies                                 *  *  *
*                                   9320 East Mikelyn Lane     * * *
* VRS Consulting, P.C.              Tucson, Arizona 85710        *
************************************************************ *


<Prev in Thread] Current Thread [Next in Thread>