RE: Appeal: Publication of draft-lyon-senderid-core-01 inconflictwith referenced draft-schlitt-spf-classic-02

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 2005-08-27 at 12:00 -0700, william(at)elan.net wrote:

> But if reuse of spf1 records is really realy the only way for MS
> and it wants to continue, then the only possibility for negotiation
> I see is to get it part the way for both sides. This would involve:
>    1. MS agrees to change its draft and only use positive results of
>       SID verification on v=spf1 records (but not fail, softfail or
>       results if record is absent) and that for negative results real
>       SPF2.0 record would be needed.

This overlooks a problem related to abuse-feedback techniques accruing
to "Sender-ID verified" identities.  An erroneous positive verification
based upon a PRA, unchecked by the sender perhaps due to licensing
issues, could be a serious concern.  These SPF records are public and
outbound servers are often shared.  

Neither of the path registration schemes provide domain protection at
shared servers.  Even with MTA checks to mitigate domain spoofing at
shared servers, these checks may also be limited by the same licensing
issues.

This retains a need to understand the assurances made by the sender with
respect to the scope of the record, and is unrelated to how a failure is
handled.  Assume the miscreants will know what passes.  

-Doug


_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux