Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bis-19.txt> (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard

Dotzero <dotzero@gmail.com> Mon, 19 August 2013 19:03 UTC

Return-Path: <dotzero@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 236F921F8F2E; Mon, 19 Aug 2013 12:03:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.6
X-Spam-Level:
X-Spam-Status: No, score=-4.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, GB_I_LETTER=-2, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M-jF1ch2k3sk; Mon, 19 Aug 2013 12:03:07 -0700 (PDT)
Received: from mail-oa0-x230.google.com (mail-oa0-x230.google.com [IPv6:2607:f8b0:4003:c02::230]) by ietfa.amsl.com (Postfix) with ESMTP id 49EB021F8E40; Mon, 19 Aug 2013 12:03:07 -0700 (PDT)
Received: by mail-oa0-f48.google.com with SMTP id o17so6693698oag.35 for <multiple recipients>; Mon, 19 Aug 2013 12:03:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=QZ1iaIX8m+MUQkSa4EvO7vfMH3GS8ltrxzSDM1qvPAM=; b=lgIdo9js0J6wyvNhw8yqmpJgt8S25tSF3VFOxCnbONT59305/x7t2H3CCj9hd4sAKs tyMy/8Uh7Avj3HSPb+LTE1Virm1htSn5eYY7OwKGSQ+J8Y5IoaDlZbiCdDxT+UAnBxdL YgWvAed3X1D1gZOSpIKXBOSitM3ymd8lo8+1176itKvUwRVPMhn3/xonYayHMQhMV7ye dsL+gWTF5rCC7DJWEdbQvpA/X9M4EmMouk43lvylEsnUQAeGUGltYXsOpEkwD5eZSN1Y qKoH1DwWAYXh2HQkLvWQ8BFzX7+Acy8+rfC9JBH11J97zvF5+NAr/vqTVkvD0576L7BM ofYw==
MIME-Version: 1.0
X-Received: by 10.182.121.137 with SMTP id lk9mr14801490obb.32.1376938986737; Mon, 19 Aug 2013 12:03:06 -0700 (PDT)
Received: by 10.182.34.232 with HTTP; Mon, 19 Aug 2013 12:03:06 -0700 (PDT)
In-Reply-To: <20130819150521.GB21088@besserwisser.org>
References: <20130819131916.22579.36328.idtracker@ietfa.amsl.com> <20130819150521.GB21088@besserwisser.org>
Date: Mon, 19 Aug 2013 15:03:06 -0400
Message-ID: <CAJ4XoYfF05FUq7F9aJ0R8ksLeHC8TraLHV_FR08Nh0f9VW2uHQ@mail.gmail.com>
Subject: Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bis-19.txt> (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard
From: Dotzero <dotzero@gmail.com>
To: ietf@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailman-Approved-At: Tue, 20 Aug 2013 08:04:44 -0700
Cc: "spfbis@ietf.org" <spfbis@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Aug 2013 19:03:08 -0000

The issue Måns Nilsson raises was discussed extensively on the SPFbis
list prior to as well as during last call on the list and I believe
the appropriate decision was reached by the working group. If there is
any doubt in the minds of the IESG regarding whether the working group
reached the correct decision, I would urge those IESG members to
review the threads in the archives related to this issue.

Several related issues, including a race condition, were identified
and the solution to go with TXT only records is IMHO the correct one
under the circumstances. The relatively small uptake of Type 99
records in the wild (both on the publishing side AND on the validation
side) in comparison to the implementation for TXT records made a
compelling case for the decision of the working group.

With regard to the limitations of the working group charter, some
significant change was required to eliminate the race condition
regardless of what that change would be. The decision of the working
group (IMHO - I do not want to put words into anyones mouth) was to go
with the approach which had the least impact on what is arguably a
very large installed existing base on both the sender AND the
validator sides of implementation.

Based on this I would ask that tehe IESG move
draft-ietf-spfbis-4408bis-19.txt to Proposed Standard.

Michael Hammer

On Mon, Aug 19, 2013 at 11:05 AM, Måns Nilsson
<mansaxel@besserwisser.org> wrote:
> Subject: [spfbis] Last Call: <draft-ietf-spfbis-4408bis-19.txt> (Sender Policy?Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard Date: Mon, Aug 19, 2013 at 06:19:16AM -0700 Quoting The IESG (iesg-secretary@ietf.org)
>>
>> The IESG has received a request from the SPF Update WG (spfbis) to
>> consider the following document:
>> - 'Sender Policy Framework (SPF) for Authorizing Use of Domains in Email,
>>    Version 1'
>>   <draft-ietf-spfbis-4408bis-19.txt> as Proposed Standard
>>
>> The IESG plans to make a decision in the next few weeks, and solicits
>> final comments on this action. Please send substantive comments to the
>> ietf@ietf.org mailing lists by 2013-09-02. Exceptionally, comments may be
>> sent to iesg@ietf.org instead. In either case, please retain the
>> beginning of the Subject line to allow automated sorting.
>
> I strongly OPPOSE draft-ietf-spfbis-4408bis-19.txt being published as
> RFC unless substantial parts are reworked.
>
> * The charter disallows major protocol changes -- removing the SPF RR type
> is a direct charter violation; since SPF is being used on the Internet.
>
> * The overloading of the TXT record is a hack at best, aimed at
> circumventing DNS management systems vendors that fail to ship
> support. Breaking the DNS model with specific resource records is not
> the way to get better application support. (besides, the major argument
> at the time was "it's so hard and takes ages to get a RR type", which
> isn't true anymore and also, the RRtype is allocated, what's the fuss? )
>
> * The empirical data that was gathered and the conclusions from which
> that where published as RFC 6686 are IMNSHO flawed and rushed in that they
> set far too optimistic deadlines for adaptation before declaring failure.
>
> The IESG should send draft-ietf-spfbis-4408bis-19 back to spfbis wg and tell
> the wg that instead of deprecating SPF it should be algorithmically
> preferred while maintaining support for TXT.
>
> Thanks,
> --
> Måns Nilsson     primary/secondary/besserwisser/machina
> MN-1334-RIPE                             +46 705 989668
> It was a JOKE!!  Get it??  I was receiving messages from DAVID LETTERMAN!!
> YOW!!
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iEYEARECAAYFAlISNDEACgkQ02/pMZDM1cXK+gCfYQ1Mv1CHjy9DDn7sA7DC7dF3
> b48An1b49Zqf/du3dvN6pmj6in+CEujB
> =soFG
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> spfbis mailing list
> spfbis@ietf.org
> https://www.ietf.org/mailman/listinfo/spfbis
>