Scott Kitterman wrote:
What are we supposed to do with SID and PRA? There is no
good answer. In 95% of cases whatever advice we give for
SPF will work out OK for SID too.
What do we, as a community, want to do with the 5%?
If we do anything at all it should be absolutely clear that
it's no SPF problem, but _abuse_ of v=spf1 for PRA, you said
_reuse_ (BTW, Hector reports only 80%, not 95%, and I can't
judge what's closer to reality).
PRA proposes to opt-out with a dummy "spf2.0/pra", but so
far we're not sure that this works (Wayne's tests didn't
confirm it, they are inconclusive).
Playing tricks with Sender should work where it's possible,
but the result might not reflect relevant standards. The
cited openspf page says "suspicious", and it offers a better
(better ignoring PRA) solution, don't add a dubious Sender.
A radical solution could be Resent-Sender: pra(_at_)is(_dot_)invalid
There is no clean way. :-( And it's not "our" fault, for
a definition of "our" excluding Meng for the moment, AFAIK
he's not planning to s/mfrom,pra/mfrom/ - that could solve
all problems, only four letters in senderid-core. Sigh.
I really think that the appeal needs to be filed and we
need to be on record opposing what they are doing.
I also don't think that any appeal or argument we make is
going to get them to stop.
I'm not sure about the latter. I really don't see why Russ
or Margaret should be interested to screw up SPF. Maybe it
is some group dynamics within the IESG:
Somebody likes some drafts (the shepherd, Mr. Hardie), so
just say "no objection" to the whole package, don't be a
spoil sport. Or a deal, I stay away from your stuff if you
stay away from my stuff (= shepherded drafts). Or both.
In the worst case they have Meng as a scapegoat, and this
impressive IESG note telling readers that something is odd
with these drafts.
I think it's unfair of us not to warn people when we can.
I expect this will be controversial.
No, I've no problem with warning people. I only want to
have it clear that it's 1) not our fault, and 2) it might
be more difficult than "just add a Sender". We (TINW) don't
know a foolproof solution, we can only offer quick and dirty
hacks without guarantee.
Users should send any complaints to MS / Meng / IESG, but not
to Wayne / this list / spf-help / you. And as far as the
IESG is conncerned, it also wasn't the fault of Sam or Scott H.
For the rest of the IETF: Wayne / William / Ned / Keith and
many others incl. me are innocent. Most of them have no idea
what SPF or PRA is. The latter is no excuse for the IESG,
they are supposed to understand why there were [Discusss] and
later [Abstain], or aren't they ?
They aren't free to block RfCs for frivolous reasons, add this
to the list of what might have gone wrong, before we come to
the conspiracy theories.
Bye, Frank