spf-discuss
[Top] [All Lists]

[spf-discuss] Re: Standards process

2007-03-25 16:46:32
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frank Ellermann wrote:
Julian Mehnle wrote:
we could approve an erratum specifying that v=spf1 be applicable for
PRA checks.

That's unlikely to get consensus, and one interpretation of the IESG note
would also make it redundant... :-(

Of course it would break most v=spf1 records.

No, it breaks only those policies where PRA != MAIL FROM cases are
"legit" as defined by the publisher of the policy.  That's nowhere near
to "most", quite the contrary.

No, actually it would break _all_ the v=spf1 records whose owners weren't 
or aren't aware that there is a PRA interpretation for v=spf1.  Most 
records may be incidentally correct at any point in time, but as soon as 
the domain owner changes their e-mail sending infrastructure or "From:"/
"Sender:" header usage patterns, their record will break.

Existing "v=spf1" records don't just carry the explicit information stored 
in their contents, but also the implicit expectation that semantics will 
remain unchanged.

How serious are we about killing SenderID ?  I think it's possible, using
the "standards process" and the magic word "updates 4406" or similar.

Standards track RFCs don't "update" experimental ones, do they?

I think any attempts to get "v=spf1" to "Standard" status are a waste of 
time.  What is there to be gained?

I'll say it again: Let's spend our efforts on v=spf3 instead.

The longer I think about PRA the more I come to the conclusion that it's
only a crude and unnecessary emulation of v=spf1 with no real benefits of
its own.  Putting these conclusions in an I-D is a very attractive plan,
it's also what Keith recommended months ago (2005).

Well, the damage is already done.  What is there to be gained by turning 
<http://www.openspf.org/SPF_vs_Sender_ID> into an I-D?

maybe we suddenly stopped caring about that?  After all, RFC 4408 is
just of "experimental" status, right?

Nobody here stopped caring about it, and "PRA" is certainly at the core
of the issues why v=spf1 is experimental.  Now after the weird anti-spam
crowd moved on and has DKIM as new toy, we could clean up this mess:
v=spf1 got it right, PRA got it wrong.  Tons of reasons, all simple,
clear, compelling, and strictly technical.

The same applies to not grafting as-of-yet-unspecified <target-name> 
validation onto RFC 4408.  Yes, not specifying it was a mistake (I think I 
said that a long time ago).  However, shit happens and we cannot change 
the v=spf1 specification to such an extent now.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGBwmRwL7PKlBZWjsRArgpAJ0eKCPbla/T88tRed6QPmDjM9ibkgCfaDsf
7URcWJIWFj2SxFbT2OIpyVc=
=PoyA
-----END PGP SIGNATURE-----

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/?list_id=735

<Prev in Thread] Current Thread [Next in Thread>