spf-discuss

Re: Re: Appeal: Publication of draft-lyon-senderid-core-01 in conflict with referenced draft-schlitt-spf-classic-02

2005-08-26 11:20:38
On 8/26/05, Hallam-Baker, Phillip <pbaker(_at_)verisign(_dot_)com> wrote:
> Let me phrase it this way: the IESG should not sanction conflicting
> experiments by publishing conflicting specifications,
>
> I agree.
>
> But I do not believe that SPF and Sender-ID conflict in any way
> whatsoever and this was accepted by the WG right up to the point where
> people started to complain about IPR licenses.


Not quite correct. The reason that people did not complain was that
supporters of SID were pushing for use of SPF2 records at the time. It
was only after the announcement that SID would use (abuse) SPF1
records that it became an issue.

> I do not think that the IESG should block a proposal citing a conflict
> when the real animus here is entirely due to the IPR issue.


So all of the discussion on the spf-discuss list has nothing to do
with technical issues and has only been a cover for unhappiness with
IPR issues? I find that a stretch.

> All SPF does is provide a mechanism whereby sending parties can describe
> their outgoing edge mail servers. The recipient has the absolute right
> to interpret that data in any way they see fit. That is the entire point
> of a spam filtering scheme.


Let us remind ourselves what SPF stands for: SENDER Policy Framework.
If the publisher of a record has no reasonable expectation of how that
record will be used and every expectation that it may be abused then
what incentive do they have to publish the record?

SPF does not describe outgoing edge mail servers.... it describes the
policies associated with the domain. The issue at hand is not whether
an individual recipient chooses to interpret the data a particular
way. Interpretation by the recipient is "should I reject on softfail or
not?" or "should I assign a point value in conjunction with other things?"
Writing a standard which subverts the intent of individuals publishing
to a different and existing standard is simply unethical and wrong.

What happened was essentially a political move because people chose
not to publish SPF2 records for PRA. So, the response was to force
people to opt-out (publish an essentially meaningless SPF2 record)
because the SID camp was losing in the real world marketplace.

> Nobody has ever demonstrated a conflict as far as I am concerned, all
> attempts to allege a conflict begin, "the sender intends" which is
> utterly irrelevant. The sender does not have the right to decide what
> email client I use, they do not have the right to determine what spam
> filter I use either.


An interesting argument. Of what value is publishing a record (of any
sort) if the publisher of said record has a reasonable expectation
that it will be used in arbitrary ways to the publisher's detriment?
One argument that was put forth after the announcement that SID would
apply PRA to SPF1 records was that it was a conspiracy to get
publishers to yank their SPF1 records.

People and organizations chose to publish a record according to a
standard because they have a reasonable expectation on how that record
will be used. While there may be edge cases of abuse, the expectation
is that most people will respect the standard. That's why it's called
a standard.


> Sender-ID simply describes one means of interpreting an SPF record. It
> may or may not work, it may or may not be optimal, that is why it is an
> experiment.


I can see someone using this "logic" in any number of circumstances....

"Your honor, I have this alternative means of interpreting what a red
stoplight indicates.....go go go as fast as you can".

> An SPF record may be constructed in such a fashion that Sender-ID
> verification is not possible. That is not a conflict, it is simply an
> artifact that results from the baroque nature of the SPF spec.


You are implying that individuals published SPF1 records with the
intent of subverting SID verification. This is akin to blaming the
victim for the actions of the mugger. I would argue that most of those
who published SPF1 records did so with no knowledge or anticipation
that PRA would be applied to those records.

> I do not believe that one group should be able to block a proposal they
> do not like by alleging a non-existent conflict.


I don't hear anyone trying to block the SID proposal in its entirety.
I only see the blocking of an abusive portion of the proposal.

Why weren't the supporters of the SID proposal willing to go out and
promote use of SPF2/PRA format/records? I haven't seen any of the core
SPF activists oppose the use of SPF2 records by SID for PRA.

We again come back to the politics of the issue. SID was losing in the
marketplace (numbers of published records). A significant aspect of
these types of experiments is whether people buy in to the approach.
Applying PRA to SPF1 records was a way of sidestepping this issue
regardless of whether the (publisher) marketplace bought into SID.

Mike

