RE: Appeal: Publication of draft-lyon-senderid-core-01 inconflictwith referenced draft-schlitt-spf-classic-02

["william(at)elan.net" <william@xxxxxxxx>]

On Sat, 27 Aug 2005, Douglas Otis wrote:

> On Sat, 2005-08-27 at 12:00 -0700, william(at)elan.net wrote:
>
> > But if reuse of spf1 records is really realy the only way for MS
> > and it wants to continue, then the only possibility for negotiation
> > I see is to get it part the way for both sides. This would involve:
> >    1. MS agrees to change its draft and only use positive results of
> >       SID verification on v=spf1 records (but not fail, softfail or
> >       results if record is absent) and that for negative results real
> >       SPF2.0 record would be needed.
>
> This overlooks a problem related to abuse-feedback techniques accruing
> to "Sender-ID verified" identities.  An erroneous positive verification
> based upon a PRA, unchecked by the sender perhaps due to licensing
> issues, could be a serious concern.  These SPF records are public and
> outbound servers are often shared.

I did not say its good way for the future, but it does eliminate the cases 
of failures [i.e. email not delivered] due to record being used by incorrect
protocol, which  is a lot worse then what you describe. And what I said 
is that this maybe an acceptable [temporary] compromise (not something that
either side is fully happy with) while waiting for permanent solution, which
is #3 on on my list -.both sides agree to work on the next version of SPF 
that has clear scoping and when finished promote that instead of spf1.

--
William Leibzon
Elan Networks
william@xxxxxxxx