[apps-discuss] Proposed "spfbis" working group charter

As discussed today in the APPSAWG meeting.  Comments welcome.

--- 8< --- snip --- 8< ---

Working Group Name:
	SPF Update (SPFBIS)

IETF Area:
	Applications Area

Chair(s):
	TBD

Applications Area Director(s):
	Pete Resnick <presnick@qualcomm.com>
	Peter Saint-Andre <stpeter@stpeter.im>

Applications Area Advisor:
	Pete Resnick <presnick@qualcomm.com>

Mailing Lists:
	General Discussion: spfbis@ietf.org
	To Subscribe:	    https://www.ietf.org/mailman/listinfo/spfbis
	Archive:	    http://www.ietf.org/mail-archive/web/spfbis/

Description of Working Group:
	The Sender Policy Framework (SPF, RFC4408) specifies the publication
	of a DNS record which states that a listed IP address is authorized
	to send mail on behalf of the listing domain name's owner.  SMTP
	servers extract the domain name in the SMTP "MAIL FROM" command for
	confirming this authorization.  The protocol has had Experimental
	status for some years and has become widely deployed.  This working
	group will revise the specification, based on deployment experience
	and listed errata, an will seek Standards Track status for the
	protocol.

	The MARID working group created two specifications for publication of 
	email-sending authorization:  Sender-ID (RFFC4405, RFC4406 and RFC4407)
	and SPF (RFC4408), with both having Experimental status.  By using
	IP addresses, both protocols specify authorization in terms of path,
	though unlike SPF, Sender-ID uses domain names found in the header of
	the message rather than the envelope.

	The two protocols rely on the same policy mechanism, namely a
	specific TXT resource record in the DNS.  This creates a basic 
        ambiguity about the interpretation of any specific instance of the TXT 
        record.  Because of this, there were concerns about conflicts between 
        the two in concurrent operation.  The IESG Note added to each invited
	an expression of community consensus in the period following these
	publications.

	Both enjoyed initially large deployments.  Broad SPF use continues,
	and its linkage to the envelope -- rather than Sender-ID's linkage
	to identifiers in the message content -- has proven sufficient among
	operators.  This concludes the experiment.

	This working group will therefore refine the SPF specification based
	on deployment experience and listed errata, and will seek Standards
	Track status for the protocol.  Changes to the specification will be
	limited to the correction of errors, removal of unused features,
	addition of any enhancements that have already gained widespread
	support, and addition of clarifying language.

	The working group will also produce a document describing the
	course of the SPF/Sender-ID experiment (defined in the IESG note
	on the RFCs in question), bringing that experiment to a formal
	conclusion.

	Specifically out-of-scope for this working group:

	* Revisiting past technical arguments that were covered
	  in the MARID working group, except where review is reasonably
	  warranted based on operational experience.

	* Discussion of the merits of SPF.

	* Discussion of the merits of Sender-ID in preference to SPF.

	* Extensions to SPF other than the one specified in the "scope"
	  document.  The working group will re-charter to process other
	  specific proposed extensions as they are identified.

	The initial draft set:
		draft-kitterman-rfc4408bis
		draft-mehnle-spfbis-scope

Goals and Milestones:
	MMM YYYY:	A standards track document defining SPF,
			based on RFC4408 and as amended above,
 			to the IESG for publication.

	MMM YYYY:	A document describing the SPF/Sender-ID experiment
			and its conclusions to the IESG for publication.

	MMM YYYY:	A standards track document creating the "scope"
			extension to the IESG for publication.