spf-discuss
[Top] [All Lists]

Re: [spf-discuss] Design bugs in v=spf1

2006-09-19 14:53:04

On Tue, 19 Sep 2006, wayne wrote:

In <200609192015(_dot_)25713(_dot_)julian(_at_)mehnle(_dot_)net> Julian Mehnle 
<julian(_at_)mehnle(_dot_)net> writes:

Ok, that said, I really don't think we should do anything serious with
SPFng until the IETF allows us to create a WG that can put SPFng on
the standard track.  That is, about 1.5 years from now.  Collecting
ideas is a good idea though.

Who said the IETF wants us to daze for another "1.5 years from now"?  That
may be a misconception.

Unrelated to what the IETF wants, I seriously doubt that we can afford to
wait anytime near that long with another revision of SPF.  We ought to
offer the policy semantics that people are going to miss with DKIM, and
(IMO) more importantly (althouth people don't yet recognize it), PGP and
S/MIME.

I will, again, go on record as saying that I think that nothing could
be more damaging to the success of SPF than a premature design of an
"updated version".  Protocols are not software projects.  With
software, release early, release often, works very well.  With
protocols, you need stability.  It takes a very long time for a
protocol to become widely adopted and fully exploited.

Fixing small bugs in protocol is however ok. We can do it by releasing
info about how to deal with particular special case flow in tech document on SPF website. Those are the kind of things that IETF
deal with between proposed->draft->standard RFC levels.

More email gets validated every day with SPF than have ever been
validated with the PGP (all variations), PEM, S/MIME, etc. combined in
the history of their existence.  They have filed in the market to
become a general usage standard.  They have useful special-use cases,
but they are not worth break the pre-DATA advantage that SPF currently
has.

We will know that it is time to start another revision of SPF when
people who have not participated in SPFv1/SenderID start coming in and
saying "I like SPF, but it needs to do <xxxx> too".

I disagree. The designer should be pro-active in anticipating where
the protocol can be useful which normal user might not realize.
Additionally any kind of redesign takes quite a bit of time, so by
being pro-active and anticipating you're able to deliver when user
does come in a lot faster.

This isn't
happening.  It is people who like creating new stuff that want to
create a new version of SPF.  If you want to create new stuff, find
something other than a new version of SPF.  At least for the next
several years.

-wayne

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com