On 02/21/2006 20:55, John Kelly wrote:
On Tue, 21 Feb 2006 20:25 -0500, Scott Kitterman
<spf2(_at_)kitterman(_dot_)com>
wrote:
This list has nothing to with Sender ID.
Thanks for the clue.
If there is a problem it with sender ID.
They could say the same thing about SPF.
Just to amplify, Sender ID is a proprietary attempt to mandate behavior
that no internet RFC requires.
Their experimental sender-id RFC is no more (or less) experimental
than your experimental SPF RFC.
That's true, but if you want to play RFC games, the SPF RFC is a normative
reference in the SID RFC and so the SID RFC contradicts one of it's normative
references. The reverse is NOT true, so in that sense one is more equal than
the other.
The IESG has said that the SID RFC can not advance to standards track as is
because it conflicts with existing standards (not the SPF RFC). They didn't
say that about the SPF RFC.
I don't think you'll find many (if any) on this list that care to redesign
mailing lists to support Microsoft's patented attempt to block free
software.
Ooooh. Sounds like I should be real scared of Microsoft.
No. Just saying. They promised and had ample opportunity to license their
pending patent in a way that was compabitle with all the major MTAs and they
chose not to do so. I read into that a desire to use SID for competitive
advantage. You may have a different view and you may even be correct.
But I read what sendmail said about Microsoft's license and patents,
and they're not worried about it, so why should I be?
As long as it's a separate piece of code in the milter, then it's not a
problem. Sendmail, Inc. could also release it in the commercial release of
Sendmail, but I think they would have problems with that in the core of the
open version.
I would not want to be the first person to do a GPL implementation of SID and
have MS find out about it. I don't know what would happen, but I don't want
to be the guinea pig.
Just for comparison's sake, look at the licensing terms Yahoo is
using for DKIM.
I'm implementing all three: SPF, sender-ID, and domain keys too.
You're welcome to do that. Personally, I wouldn't tie my business to anything
that was dependent on Microsoft's good will, but your business, your
decision.
It's high time to start shredding bogus mail, and get it off the
Internet. There's too much mail anyway. Who can read all this
garbage?
Agreed.
I'm not talking about the SPF RFC.
If you follow the IETF general list (or look in their archives), you will find
that there were multiple appeals against the SID draft, now neither of those
really touch on the issue I'm getting to.
The RFC that describes mailing list operations (and I think this is part of
822/2822, but it may well be another RFC entirely, I'm sure Frank will be
along shortly to straighten me out on that) says that mailing lists MAY add a
Sender. To comply with Sender ID, that MAY becomes a MUST. That's what I
mean. The header field that listbox "Fails" to add is strictly optional.
So, make what you will of that. Personally, I think that if you are worried
about message and address integrity within the body of a message, you'd be
better off with a cryptographic approach such as DKIM than with SID.
Scott K
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com