[spfbis] A standards track document defining SPF
S Moonesamy <sm+ietf@elandsys.com> Wed, 18 July 2012 20:09 UTC
Return-Path: <sm@elandsys.com>
X-Original-To: spfbis@ietfa.amsl.com
Delivered-To: spfbis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C46B511E8095 for <spfbis@ietfa.amsl.com>; Wed, 18 Jul 2012 13:09:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SmTLfcL6isf8 for <spfbis@ietfa.amsl.com>; Wed, 18 Jul 2012 13:09:26 -0700 (PDT)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D8E311E8166 for <spfbis@ietf.org>; Wed, 18 Jul 2012 13:09:26 -0700 (PDT)
Received: from SUBMAN.elandsys.com ([41.136.239.220]) (authenticated bits=0) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id q6IKA4KH004422 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <spfbis@ietf.org>; Wed, 18 Jul 2012 13:10:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1342642216; bh=kob8HSjOhH/sMf5E0YCAK5FOCusmojy5mitGwps6p+Q=; h=Date:To:From:Subject:Cc; b=Adw/2V+Qf8CYNEnPT5uoxhLQwclxGzaOaCrHderdVScNff5eR22dNundP7wYh2JaS ErtwNbfyB7HUN8L2+0unlPK/LhXtFN9OPZ4nqgeiEEJRXgGkXbiS583KJEo8tbEtMM sgVHM/5szzS9C4kSzoEwMytiYy2R9o+8G2MnKv9w=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=elandsys.com; s=mail; t=1342642216; i=@elandsys.com; bh=kob8HSjOhH/sMf5E0YCAK5FOCusmojy5mitGwps6p+Q=; h=Date:To:From:Subject:Cc; b=T5hDVExxbZQGNlFvkuijwOTzK5euvYngDx7uuwIdLDUSV9FtEPuoVbMeYr2Y7iwAT PcADfbe7jx9zLQvu+658uN7vzdl+aA42CjgcFW3cPw0A3YnWfj9sZaXnvAeNQvjDfA 8Zqv8jD8l1tw58zyJ3y+fqqUNzSp7mdpMMOMPDOU=
Message-Id: <6.2.5.6.2.20120718130921.0a394300@elandsys.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Wed, 18 Jul 2012 13:09:36 -0700
To: spfbis@ietf.org
From: S Moonesamy <sm+ietf@elandsys.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Subject: [spfbis] A standards track document defining SPF
X-BeenThere: spfbis@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: SPFbis discussion list <spfbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spfbis>, <mailto:spfbis-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/spfbis>
List-Post: <mailto:spfbis@ietf.org>
List-Help: <mailto:spfbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spfbis>, <mailto:spfbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jul 2012 20:09:26 -0000
Hello, The second and last deliverable for the working group is to produce a standards track document defining SPF by December 2012. The SPFBIS Charter mentions features. Instead of commenting about features I'll look at this from another angle. (i) RFC 4408 has not been reviewed by the IETF (ii) There are multiple implementations of RFC 4408 (iii) The Errata for RFC 4408 does not mention Issue #9 draft-ietf-spfbis-4408bis is unusual work as Experimental RFCs generally go through (i). It can be argued that the draft can be published as a RFC with (iii) as the significant change and some editorial changes. Murray Kucherawy mentioned the following [1]: "If I were sitting on SECDIR, I'd make some noise about this during Last Call, for example." draft-ietf-spfbis-4408bis will be reviewed by the IETF Security Directorate (SECDIR). It is expected that the working group will give some serious thought to the security considerations aspect before the Last Call. Scott Kitterman raised an interesting point: backward incompatibility [2]. The question that comes to my mind is whether draft-ietf-spfbis-4408bis has to be backward compatible with RFC 4408. Section 4 of RFC 4408 has the following requirement: "Mail receivers that perform this check MUST correctly evaluate the check_host() function as described here." There is a reference in that Section 4 to Section 2.5. In Section 2.5.5, there is: 'A "SoftFail" result should be treated as somewhere between a "Fail" and a "Neutral".' Depending on how one interprets RFC 2119 there may or may not be a recommendation in that sentence. Assuming that it is a recommendation (SHOULD) the "somewhere between" two possible results is ambiguous. Section 5 defines the mechanisms. Section 6 defines the modifiers. I'll assume that a change in these sections can affect the results (Section 4). The macros defined in Section 8 indirectly affects mechanisms and modifiers. In my individual opinion RFC 4408 is not ready for publication as a Proposed Standard as an IESG Evaluation would generate DISCUSSes (issues the working group must fix). Kurt Andersen commented about why "management elected to discontinue the use of all SPF records [3]. Derek Diget mentioned that 'as a email admin, I am starting to feel that the more that is deprecated or removed, the more that I will run into issues with a sender saying one thing (either a "legacy" 4408 SPF record or an updated 4408bis SPF record) and my (receiver) software evaluating it differently than the publisher wanted' [4]. draft-ietf-spfbis-experiment did not generate any DISCUSSes as the working group discussed the issues and possible issues. My suggestions are: 1. Demonstrate that a RFC 4408 implementation and a draft-ietf-spfbis-4408bis implementation will produce the same results 2. If (1) is not possible, provide an explanation for the change Regards, S. Moonesamy 1. http://www.ietf.org/mail-archive/web/spfbis/current/msg01879.html 2. http://www.ietf.org/mail-archive/web/spfbis/current/msg01888.html 3. http://www.ietf.org/mail-archive/web/spfbis/current/msg01889.html 4. http://www.ietf.org/mail-archive/web/spfbis/current/msg01902.html
- [spfbis] A standards track document defining SPF S Moonesamy
- Re: [spfbis] A standards track document defining … Commerco WebMaster
- Re: [spfbis] A standards track document defining … Dave Crocker
- Re: [spfbis] A standards track document defining … Hector Santos
- Re: [spfbis] A standards track document defining … Hector Santos
- Re: [spfbis] A standards track document defining … Murray S. Kucherawy
- Re: [spfbis] A standards track document defining … Scott Kitterman
- Re: [spfbis] A standards track document defining … Murray S. Kucherawy
- Re: [spfbis] A standards track document defining … Scott Kitterman
- Re: [spfbis] A standards track document defining … Andrew Sullivan
- Re: [spfbis] A standards track document defining … Hector Santos
- Re: [spfbis] A standards track document defining … Commerco WebMaster
- Re: [spfbis] A standards track document defining … Hector Santos
- Re: [spfbis] A standards track document defining … Hector Santos
- Re: [spfbis] A standards track document defining … Murray S. Kucherawy
- Re: [spfbis] A standards track document defining … Murray S. Kucherawy
- Re: [spfbis] A standards track document defining … Murray S. Kucherawy
- [spfbis] Is a feature desirable in practical term… Dave Crocker
- Re: [spfbis] A standards track document defining … Scott Kitterman
- Re: [spfbis] A standards track document defining … Murray S. Kucherawy
- Re: [spfbis] A standards track document defining … Murray S. Kucherawy
- Re: [spfbis] A standards track document defining … Scott Kitterman
- Re: [spfbis] A standards track document defining … Scott Kitterman
- Re: [spfbis] A standards track document defining … Murray S. Kucherawy
- Re: [spfbis] Is a feature desirable in practical … Commerco WebMaster
- Re: [spfbis] A standards track document defining … Murray S. Kucherawy
- Re: [spfbis] A standards track document defining … Scott Kitterman
- Re: [spfbis] A standards track document defining … Murray S. Kucherawy
- Re: [spfbis] A standards track document defining … Scott Kitterman
- Re: [spfbis] A standards track document defining … Alessandro Vesely
- Re: [spfbis] A standards track document defining … S Moonesamy
- Re: [spfbis] A standards track document defining … Hector Santos
- Re: [spfbis] Is a feature desirable in practical … Andrew Sullivan
- Re: [spfbis] A standards track document defining … Andrew Sullivan
- Re: [spfbis] A standards track document defining … Murray S. Kucherawy
- Re: [spfbis] A standards track document defining … Scott Kitterman
- Re: [spfbis] A standards track document defining … Scott Kitterman
- Re: [spfbis] A standards track document defining … Andrew Sullivan
- Re: [spfbis] A standards track document defining … Andrew Sullivan
- Re: [spfbis] A standards track document defining … Murray S. Kucherawy
- Re: [spfbis] A standards track document defining … Murray S. Kucherawy
- Re: [spfbis] PTR checking, was A standards track … John Levine
- Re: [spfbis] A standards track document defining … Scott Kitterman
- Re: [spfbis] A standards track document defining … Andrew Sullivan
- Re: [spfbis] A standards track document defining … Alessandro Vesely
- Re: [spfbis] A standards track document defining … Hector Santos
- Re: [spfbis] A standards track document defining … Alessandro Vesely
- Re: [spfbis] A standards track document defining … Hector Santos