IETF Logo Mail Archive

Re: [apps-discuss] Updating the status of SPF

Julian Mehnle <julian@mehnle.net> Thu, 11 August 2011 21:09 UTC

Return-Path: <julian@mehnle.net>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F043D21F8AE6 for <apps-discuss@ietfa.amsl.com>; Thu, 11 Aug 2011 14:09:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.249
X-Spam-Level:
X-Spam-Status: No, score=-2.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BLW6U6MX14pE for <apps-discuss@ietfa.amsl.com>; Thu, 11 Aug 2011 14:09:37 -0700 (PDT)
Received: from io.link-m.de (io.link-m.de [82.135.8.34]) by ietfa.amsl.com (Postfix) with ESMTP id 3989721F884C for <apps-discuss@ietf.org>; Thu, 11 Aug 2011 14:09:37 -0700 (PDT)
Received: from [10.0.2.15] (static-72-81-252-21.bltmmd.fios.verizon.net [::ffff:72.81.252.21]) (AUTH: CRAM-MD5 julian@mehnle.net, TLS: TLSv1/SSLv3, 256bits, AES256-SHA) by io.link-m.de with esmtp; Thu, 11 Aug 2011 21:10:09 +0000 id 000000000014901B.000000004E444531.00007498
From: Julian Mehnle <julian@mehnle.net>
To: apps-discuss@ietf.org
Date: Thu, 11 Aug 2011 21:10:03 +0000
User-Agent: KMail/1.9.9
References: <201108092337.39408.scott@kitterman.com> <F5833273385BB34F99288B3648C4F06F13512DF6CD@EXCH-C2.corp.cloudmark.com> <CAHhFybqGT8z8ZM7LUP2B7YTVKi-bPH37ZQN896en1DaEpsTTjA@mail.gmail.com>
In-Reply-To: <CAHhFybqGT8z8ZM7LUP2B7YTVKi-bPH37ZQN896en1DaEpsTTjA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart2055963.Rcxim0pWXc"; protocol="application/pgp-signature"; micalg="pgp-sha1"
Content-Transfer-Encoding: 7bit
Message-Id: <201108112110.07285.julian@mehnle.net>
Subject: Re: [apps-discuss] Updating the status of SPF
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Aug 2011 21:09:38 -0000

Frank Ellermann wrote:

> The WG should be also free to say that spf2.0/anything for "mfrom" is
> now considered as obsolescete for the purposes of v=spf1, with more
> details to be determined by the WG as desired.  I'd like to have it
> clear that 4408bis does not require or care about any spf2.0/mfrom
> records as noted in RFC 4406 section 4.4 clause 3, and that 4408bis
> shall be interpreted as specified in 4408bis, notably not as in RFC
> 4406 section 4.4 clause 4.
>
> This issue is already covered in the RFC 4408 security considerations,
> and in its IESG note at the begin, therefore 440bis should have this as
> clear as possible.  [...]

Whereas the note in the security considerations could be expanded or 
supported with whatever relevant evidence exists, I don't think 4408bis 
should even mention "spf2.0" or any of the 440{5,6,7} RFCs.  It never 
has, and I don't see a need for it to start doing so now.

-Julian

v2.23.0 | Report a Bug | By Email