Re: [spfbis] I-D Action: draft-ietf-spfbis-experiment-06.txt
Dave Crocker <dhc@dcrocker.net> Tue, 24 April 2012 18:44 UTC
Return-Path: <dhc@dcrocker.net>
X-Original-To: spfbis@ietfa.amsl.com
Delivered-To: spfbis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94AC121E809A for <spfbis@ietfa.amsl.com>; Tue, 24 Apr 2012 11:44:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.657
X-Spam-Level:
X-Spam-Status: No, score=-5.657 tagged_above=-999 required=5 tests=[AWL=0.942, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U0tiG-Gja65s for <spfbis@ietfa.amsl.com>; Tue, 24 Apr 2012 11:44:20 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) by ietfa.amsl.com (Postfix) with ESMTP id B310721E8015 for <spfbis@ietf.org>; Tue, 24 Apr 2012 11:44:20 -0700 (PDT)
Received: from [192.168.1.11] (adsl-67-127-58-62.dsl.pltn13.pacbell.net [67.127.58.62]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id q3OIiJVA016567 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <spfbis@ietf.org>; Tue, 24 Apr 2012 11:44:20 -0700
Message-ID: <4F96F479.8070708@dcrocker.net>
Date: Tue, 24 Apr 2012 11:44:09 -0700
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20120327 Thunderbird/11.0.1
MIME-Version: 1.0
To: spfbis@ietf.org
References: <20120424165837.3747.64469.idtracker@ietfa.amsl.com> <CAC4RtVC3ivpV7voeva9uEsUmQDpd5hAKN=4CbvftrpPDHqG9Zg@mail.gmail.com>
In-Reply-To: <CAC4RtVC3ivpV7voeva9uEsUmQDpd5hAKN=4CbvftrpPDHqG9Zg@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.17]); Tue, 24 Apr 2012 11:44:20 -0700 (PDT)
Subject: Re: [spfbis] I-D Action: draft-ietf-spfbis-experiment-06.txt
X-BeenThere: spfbis@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: SPFbis discussion list <spfbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spfbis>, <mailto:spfbis-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/spfbis>
List-Post: <mailto:spfbis@ietf.org>
List-Help: <mailto:spfbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spfbis>, <mailto:spfbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Apr 2012 18:44:21 -0000
On 4/24/2012 10:22 AM, Barry Leiba wrote: > I note that Dave Crocker > made two substantive comments that I got directly, but that didn't > show up on the mailing list (he did CC the list, so I don't know why > they're not there). In those, he said that the [DNS] reference should > also be normative, and I think he's right because of the discussion of > RR types. I've been having some mail-posting problems. For the record, here's what I sent... -------- Original Message -------- Subject: Re: [spfbis] Review of draft-ietf-spfbis-experiment-05 Date: Sun, 22 Apr 2012 14:43:41 -0700 From: Dave Crocker <dcrocker@gmail.com> Reply-To: dcrocker@bbiw.net Organization: Brandenburg InternetWorking To: Barry Leiba <barryleiba@computer.org> CC: spfbis@ietf.org <spfbis@ietf.org> On 4/22/2012 1:58 PM, Barry Leiba wrote: > OLD > After six years, sufficient experience and evidence have been > collected that the experiment thus created can be considered > concluded, and a single protocol can be advanced. This document > presents those findings. > > I would prefer that this document avoid making pronouncements and > stating these kinds of opinions ("a single protocol can be advanced"). > The point of this draft is to document results. +1 > OLD > Due to the absence of consensus behind one or the other, and because > Sender-ID supported use of the same policy statement defined by SPF, > the IESG at the time was concerned that an implementation of > Sender-ID might erroneously apply that statement to a message and, > depending on selected recipient actions, could improperly interfere > with message delivery. > > This seems to have a significant SPF bias. May I suggest this?: SPF defined the record. It was there first. Sender ID came afterwards, creating the overload. A 'bias' in this case has rather solid historical precedent. > NEW > Due to the absence of consensus behind one or the other and because > SPF and Sender-ID supported use of the same policy statement with > different semantics, the IESG at the time was concerned that > implementations of SPF or Sender-ID might erroneously apply a > statement that had been published with the semantics of the other, > and, depending on selected recipient actions, could improperly > interfere with message delivery. My above comment notwithstanding, this wording looks fine to me, and in general I concur with this sort of neutral language. > OLD > It is important to note that this document makes no direct technical > comparison of the two protocols in terms of correctness, weaknesses, > or use case coverage. The email community at large has already done > that. > > I suggest "has already done that through its deployment choices." > Otherwise, one might wonder where the comparison that's been done is > documented. ok. > OLD > 3. Although the two mechanisms often used different email addresses > as the subject being evaluated, no data collected showed any > substantial operational benefit (e.g., cheaper processing, > improved accuracy) to using Sender-ID over SPF. > > I suggest "to using either mechanism over the other." Hmmm. Different issue: Often the email addresses are the same. It's the /fields/ that are /always/ different. I suggest changing the wording to say "email address fields". Tidbits of other cleanup: 3. Although the two mechanisms often use different email address fields for evaluation, no data collected showed any substantial operational benefit (e.g., cheaper processing, improved accuracy) to using one mechanism over the other.. > OLD > 3. The absence of significant adoption of the [SUBMITTER] extension, > [SENDER-ID], and [PRA], indicates that there is not a strong > community prepared to develop those mechanisms beyond > experimental status. > > I would MUCH rather see this reported factually, without further > opinion. Something like this: > > NEW > 3. The absence of significant adoption of the [SUBMITTER] extension, > [SENDER-ID], and [PRA], indicates that there is not a strong > community deploying and using these protocols. Here, I think I disagree. Part of the analysis can reasonably note that the analysis period has gone a long time and that a failure to archive much traction after this long is not likely to produce better traction in the future. > OLD > 4. Continued widespread use of [SPF] indicates it is worthy of > consideration for the Standards Track. > > I suggest this: > NEW > 4. [SPF] has widespread implementation and deployment, comparable > to that of many Standards Track protocols. > > -- Security Considerations -- > > OLD > This document contains information for the community, akin to an > implementation report, and does not introduce any new security > concerns. Its implications could, in fact, resolve some. > > That last sentence seems odd. Unless you want to be specific about it, > I suggest removing it. ok. > -- Informative References -- > > We can always argue whether an Informational document, by its nature, > can have "normative" references. There's nothing to argue about. Many Informational documents are specifications. Specifications dictate behavior (within the context of the specifications.) Some of the behaviors that are dictated fundamentally rely on external specifications that are cited. Language that dictates behavior is called 'normative'. This includes such essential citations. I think this is a reasonable summary of the issue: http://stackoverflow.com/questions/6420522/what-does-normative-and-non-normative-mean-in-reference-to-xml I suspect the envisioned debate is caused by confusing normative-ness with standards status... > Still, in the sense that we use it > here, references that are central to the understanding of the document > at hand are usually considered to be normative. DNS is arguable, but > I'd say no. I think the references to PRA, SENDER-ID, SPF, and > SUBMITTER are normative. You think that SPF or Sender ID could function without the DNS specification??? That is, what is it you think might be arguable about classing it as a normative reference? d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
- [spfbis] I-D Action: draft-ietf-spfbis-experiment… internet-drafts
- Re: [spfbis] I-D Action: draft-ietf-spfbis-experi… Barry Leiba
- Re: [spfbis] I-D Action: draft-ietf-spfbis-experi… Alessandro Vesely
- Re: [spfbis] I-D Action: draft-ietf-spfbis-experi… S Moonesamy
- Re: [spfbis] I-D Action: draft-ietf-spfbis-experi… Dave Crocker
- Re: [spfbis] I-D Action: draft-ietf-spfbis-experi… S Moonesamy
- Re: [spfbis] I-D Action: draft-ietf-spfbis-experi… Dave Crocker
- Re: [spfbis] I-D Action: draft-ietf-spfbis-experi… Murray S. Kucherawy
- Re: [spfbis] I-D Action: draft-ietf-spfbis-experi… S Moonesamy