On Sat, 18 Jun 2005, wayne wrote:
Boyd Lynn Gerber writes:
After the last council session and what I read from the IETF/IESG, maybe
Maybe we should take some time and start developing it.
Personally, I do not think the time is right to start working on the
next generation of SPF. There is already enough confusion in the IESG
(and elsewhere) about whether SPFv1 is obsolete because SID uses
spf2.0 records.
I truely do not know when the right time maybe... but I know there is a
lot of confussion, I thought it might be because they(IESG) really want
the SFPv3. That is why I think it needs to be clear on the web site and
in announcements that SPFv1 is as we(The SPF Project) are concerned a set
Standard, regardless of what may be done else where. I really think this
is not clear. The message is not clear to everyone/anyone outside of SPF.
Or should I say it does not have the appearance of being clear! The SPF
project needs to send out the clear message that SPFv1 is a finished
project looking to the future. This needs to done in every thing the
project publishes or references. We need to be clear that we consider
SPFv1 a standard.
I am not suggesting to stop the work on getting the existing version as an
RFC, but with what has been happening a Revised/Version 2/3 SPF may make a
lot of sense. It seems they really want something that has come from the
1.5-2.0 years of SPF experience.
First off, the current SPFv1 spec does include things that we have
learned over the last 1.5 years. There are several features in the
mengwong-spf-* drafts that were never used widely, if ever, and they
have been dropped. Things that can be changed and are needed to get
approval from the IETF have been changed. The whole spec has been
gone over by many people in the last year and a half and I think the
result is *MUCH* clearer, more complete, and more accurate.
Yes, I agree. You have done a great job and so have others. That is why
the image of it being a finished project and a standard needs to be made
clear.
Secondly, I really doubt that the IESG cares that much about what has
been learned. I think they have given the "two year experimentation
time" as a stalling tactic in hopes that the market will have made a
decision by then, and maybe something better than SPF will come
along. (DomainKeys? IIM? S/MIME adoption?)
It probably is a stalling tatic, but when you read what is in the public
(not in the lists) It is not clear that it is a standard. I remember
working with SpamAssassin and they seem to make it clear what they were
and had a clear picture being communicated to all. SPF has not. We are
making progress with all the things being done. But it has not been very
clear since before MADRID.
I think we need to finish what we have started and not lose focus.
Designing a new spec is *much* more fun than getting a current spec
deployed, but I think getting SPFv1 widely deployed is much more
important than creating an SPF version 2 or 3.
I agree totally. But we should have a place where all the ideas are
listed in a central place. Where they can be easily reference. Maybe we
call it a wish list. The name really does not matter. But a public forum
that lists what we want and maybe references to what has happened on the
list.
Once I get my systems back up I will create a sample FAQ-O-Matic of what I
am talking about. I need to fix 8 systems and restore from backup 1 TB
first. Saddly my needs/wants have to after my clients/customers so I keep
money coming in to pay all the bills.
--
Boyd Gerber <gerberb(_at_)zenez(_dot_)com>
ZENEZ 1042 East Fort Union #135, Midvale Utah 84047