spf-discuss
[Top] [All Lists]

Re: This is ridiculous.

2005-06-05 13:24:29
wayne wrote:

  [John said]
If you want to apply for a standard for v=spf1, see the
IESG reject the request

First of all they'd have to do this, and so far they didn't.

Then they'd also need a reason standing in public, e.g. why
they think that 95% percent of email from Carl's POV, or why
several hundred thousands of domains, or why at least six (?)
independent and interoperating implementations, or why more
than 18 months of v=spf1 deployment describe an "experiment".

They'd have to answer this in public.

  [plan B]
that is a road I can't follow.

My best guess is that that's a road "the IESG" won't follow.

If v=spf1 would be flawed it _should_ get status "historic"
(after a dummy "informational" or "experimental" period).
But it's not, so "proposed" is fine.

We need to remember what the IESG said when closing down
MARID:

IIRC "the IESG" never said this...

| Rather than spin in place, the working group chairs and
| Area Advisor believe

...see, the area advisor of the former WG and the former WG
Chairs, after closing the WG in violence of RfC 2418, offered
some private opinions.  That's at best 1/13 of the IESG, and
Ted is off this hook now - he only promised to support some
experimental drafts based on MARID.

Based on MARID would be spf2.0/mfrom and spf2.0/pra.  Neither
Mark, nor Wayne, nor anybody else in the SPF Community were
excited about this offer, and therefore Mark / Wayne / "we"
(in that case it includes you IIRC) resumed the work on v=spf1.

While you could consider v=spf1 as roughly compatible with the
(in practice non-existing) spf2.0/mfrom it is _semantically_
incompatible with spf2.0/pra.

That was the reason why MARID invented spf2.0/pra, because they
are partially incompatible.  There's a complete draft about the
differences, its title is draft-lyon-senderid-core-01

It only has a fatal bug in one SHOULD about the compatibility.
Otherwise it's fine, let them experiment with PRA on the solid
ground of the future proposed v=spf1 standard.

No reasons for Harry and Jim to reinvent the wheel like error
handling and processing limits for their PRA experiments.  As
long as they don't abuse v=spf1 policies all _could_ be okay.

From the perspective thof this SPF community member, the
"IESG review process" was pathetic.

The confusion about the "version" was _real_ and the [Discuss]
about it was removed after changes in the draft.  The [Discuss]
about the "zone cut" was _real_ and the "zone cut" was removed
from the draft.

Almost all of the comments, suggestions and corrections that
I have received are a result of me directly soliciting
comments from here and on the various IETF mailing lists.

And you'll get some more in the "last call", but I hope that
all serious issues in draft -00 will be soon resolved in -02.

I received one (1) email from a DEA member, which asked, in
part, why this wasn't being done as a Standard Track RFC.

Now that was a good idea, addressed by drafts -01 and -02 ;-)

if the IETF rejects it now, I don't see that it would slow
down SPF that much.  (Yes, IETF approval would speed things
up, which would be good.)

"The IETF" is challenged to find real bugs in the "last call".
Personal opinions of bounces-to fans are no bugs and not good
enough to reject it.  "The IETF" also can't approve it, you
probably wanted to say s/IETF/IESG/

Please let's be clear with these details.

I appreciate that while the IESG process has been ongoing,
field testing of various proposals has continued.

There appears to be some field testing of DK, but I haven't
seen any indication that there are test going on with the
MARID protocols.

+1  AFAIK Sendmail tested PRA, I've no idea about any results.
If they tested PRA with v=spf1 policies the results would be
probably meaningless, unless they monitored false positives.

I don't see the deployment of SPFv1 ending any time in the
near future.

+1  The other LMAP proposals or DKIM don't address what v=spf1
does, backscatter.  And as basis for reputation systems a PASS
isn't better or worse than whatever the others systems offer.

Carl's "assume innocent until proven guilty" interpretation of
PASS is actually a good idea.
                              Bye, Frank



<Prev in Thread] Current Thread [Next in Thread>