spf-discuss

Re: [spf-discuss] Finalizing our draft-otis-spf-dos-exploit analysis

2007-01-30 21:16:55

On Wed, 31 Jan 2007, Julian Mehnle wrote:

> Hi all,
>
> I have taken the time to finalize my "english, no plugs" translation of
> DougO's draft-otis-spf-dos-exploit document as well as our analysis and
> rebuttal:
>
>  http://www.openspf.org/draft-otis-spf-dos-exploit_Analysis
>
> If you think that anything significant on that page should be changed or
> improved, please raise your voice (no need for nit picking, though).

Thank you very much for doing it. Page looks quite correct as far as
general rebuttal overview. I did not check your "no plugs" text
entirely though...

> If/when the new council agrees, I propose we link to that page from the
> front page or from a future news announcement on spf-announce.

I'm generally against this going to spf-announce and front page
(but this is of course up to the new council)

What would probably be good, however, is to have an "spf security" page
(linked from home page) which would have a section on reported
possible exploits involving SPF. Need more content though before
creating such a page. Other things I could think of that could go
in there are recommendations on how to set up SPF records safely
(i.e. verify that netmask is right [do not whitelist all net
accidentally]; verify all records linked using include and exists
on a regular basis; do not set up extra macros unless it's really
required; use of "-all", "~all" and "?all" - possibly separate
page recommendations for that), etc.

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?list_id=735
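
The record checks listed in the message above (netmask width, include and exists targets, macros, the qualifier on "all"), sketched as an added example that is not part of the original thread. The function name, the prefix thresholds and the sample records are assumptions made for illustration.

```python
import ipaddress

# Assumed thresholds (not from the thread): ranges wider than these are flagged.
MIN_PREFIX = {4: 16, 6: 32}

def lint_spf(record):
    """Return warnings for one SPF TXT record, one per questionable term."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (no v=spf1 version tag)"]
    warnings = []
    for term in terms[1:]:
        # A mechanism with no qualifier defaults to "+" (pass).
        qualifier = term[0] if term[0] in "+-~?" else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if "%{" in term:
            warnings.append(f"macro: confirm it is really required: {term}")
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                warnings.append(f"netmask: cannot parse {term}")
                continue
            if net.prefixlen < MIN_PREFIX[net.version]:
                warnings.append(
                    f"netmask: /{net.prefixlen} covers {net.num_addresses} addresses: {term}")
        elif name in ("include", "exists"):
            warnings.append(f"linked: re-verify target on a regular basis: {term}")
        elif name == "all" and qualifier == "+":
            warnings.append("all: '+all' passes every sender")
        elif name == "all" and qualifier == "?":
            warnings.append("all: '?all' is neutral, so no policy is asserted")
    return warnings

# Constructed sample records (documentation address range and example domains).
SAMPLES = {
    "tight": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
    "loose": "v=spf1 ip4:192.0.0.0/2 exists:%{i}.spf.example.org +all",
}

if __name__ == "__main__":
    for label, record in SAMPLES.items():
        print(label, record)
        for warning in lint_spf(record):
            print("   ", warning)
```

The "loose" record shows how a mistyped prefix (/2 where /24 was meant) authorizes a quarter of the IPv4 space while still looking like an ordinary ip4 term.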
