Re: [spfbis] Review of draft-ietf-spfbis-experiment-05

[John Leslie <john@jlc.net>]

   (I see by the threading that Scott replied to my email...)

Scott Kitterman <spf2@kitterman.com> wrote:
> 
> Snip.
> 
> That's all true, but not, I think relevant to the question of record
> reuse.

   Perhaps Scott might say _what_ he thinks not relevant. Mostly, I was
quoting the IESG post closing the MARID WG.

> There was consensus in MARID that reuse of SPF records for Sender ID
> PRA assessments was technically inappropriate.

   Um... No.

   There was a widespread belief among MARID participants that Sender ID
use of already published SPF records was inappropriate, but it was never
a WG consensus.

> I don't think it's correct to apply words about the MARID shutdown to
> changes that were made later.

   Scott loses me here. I agree that the Sender ID RFCs were not exactly
what was discussed before MARID closed -- neither was the SPF RFC...
But I was only criticizing wording which purported to state an IESG
_intent_.

   The IESG posting I quoted (in its entirety) is by definition the best
source for IESG intent.

   (Barry and I know firsthand how IESG statements like this are
generated.)

   We also have, of course, the IESG statement in the RFCs in question,
which also represents an IESG consensus (though IMHO probably less work
went into it than into closing a very-active WG):

--------------------------------cut here--------------------------------
RFC 4405          SMTP Responsible Submitter Extension        April 2006
...
   The following documents  (RFC 4405, RFC 4406, RFC 4407, and RFC 4408)
   are published simultaneously as Experimental RFCs, although there is
   no general technical consensus and efforts to reconcile the two
   approaches have failed.  As such, these documents have not received
   full IETF review and are published "AS-IS" to document the different
   approaches as they were considered in the MARID working group.

   The IESG takes no position about which approach is to be preferred
   and cautions the reader that there are serious open issues for each
   approach and concerns about using them in tandem.  The IESG believes
   that documenting the different approaches does less harm than not
   documenting them.

   Note that the Sender ID experiment may use DNS records that may have
   been created for the current SPF experiment or earlier versions in
   this set of experiments.  Depending on the content of the record,
   this may mean that Sender-ID heuristics would be applied incorrectly
   to a message.  Depending on the actions associated by the recipient
   with those heuristics, the message may not be delivered or may be
   discarded on receipt.

   Participants relying on Sender ID experiment DNS records are warned
   that they may lose valid messages in this set of circumstances.
   Participants publishing SPF experiment DNS records should consider
   the advice given in section 3.4 of RFC 4406 and may wish to publish
   both v=spf1 and spf2.0 records to avoid the conflict.

   Participants in the Sender-ID experiment need to be aware that the
   way Resent-* header fields are used will result in failure to receive
   legitimate email when interacting with standards-compliant systems
   (specifically automatic forwarders which comply with the standards by
   not adding Resent-* headers, and systems which comply with RFC 822
   but have not yet implemented RFC 2822 Resent-* semantics).  It would
   be inappropriate to advance Sender-ID on the standards track without
   resolving this interoperability problem.

   The community is invited to observe the success or failure of the two
   approaches during the two years following publication, in order that
   a community consensus can be reached in the future.
--------------------------------cut here--------------------------------

   (Perhaps Scott sees some IESG "changes" in this; but I don't...)

--
John Leslie <john@jlc.net>