The appeal of the Authentication-Results header draft is reluctantly
being withdrawn. While this draft confuses authorization with
authentication, it is being withdrawn in the hope that subsequent Best
Current Practices will soon remedy the short-comings noted by the
appeal. This withdrawal is being done to better expedite adoption of
the header, while at the same time recognizing the severe security
deficiencies the current definition of this header imposes.
The Sender-Header-Auth draft clouds what should be clear and concise
concepts. Organizations like Google have already remedied many of the
security concerns through inclusion of free form comments.
Unfortunately, comments are not a good vehicle for standardization,
but perhaps some form of extension will soon adopt a standardized
means to introduce vitally important SMTP client IP addresses. The
appeal was not taken lightly, but feedback from those within the email
community appears indicate a willingness to adopt this header standard.
Douglas Otis and Dave Rand
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf