On 5/12/2015 1:18 AM, Scott Kitterman wrote:
On Tuesday, May 12, 2015 12:16:19 AM Hector Santos wrote:
On 5/11/2015 10:17 PM, Stephen J. Turnbull wrote:
Scott Kitterman writes:
> Actually, the idea behind MARID was to come up with a single
> solution
Is there something we can learn from MARID? I don't see it in the
context of the current discussion, as MARID had little to say about
third parties (it treated them as first parties, and handled third
party issues by suggesting "certification registries"), and explicitly
disclaimed authentication of authorship claims.
MARID main trust was with SPF and CEP (Micrsoft's XML version of SPF
renamed to SenderID when it was changed to a SPF syntax), but the
MARID group was open to other proposals to compete with the SPF
solution. Those other proposals included:
- Domainkeys that included a simple always/sometimes sign policy,
- DKIM, a better Domainkeys with extended third party policies,
- CSV/DNA, an SMTP EHLO level Reputation Method.
These were the first introductions of the idea for Signature TRUST
MODEL and the chain of trust which eventually became the main focus in
the DKIM-WG working group.
But the main focus in MARID was with the SPF idea and there was
outputs from MARID -- a direction to complete the four RFCs and to
treat them as experiments:
RFC4405 SUBMITTER SMTP Service Extension
RFC4406 Sender ID: Authenticating E-Mail
RFC4407 Purported Responsible Address (PRA)
RFC4408 Sender Policy Framework (SPF)
Don't take my word for it. Here's the list of active/published documents for
MARID:
https://datatracker.ietf.org/wg/marid/documents/
[Note to save everyone time, none are listed]
As indicated when the working group closed [1] none of the follow-on
experimental documents were products of the working group, in fact, deviations
from what the working group had agreed on were the source of one appeal.
[1] http://www.imc.org/ietf-mxcomp/mail-archive/msg05054.html
Going back and trying to justify things in this working group based on a
revisionist history of a decade old failed working group isn't going to get us
anywhere.
I wasn't revising anything. I lived it, I produced products from it.
Did you?
Its called Engineering Synergism. Maybe RFC4408 didn't change much
from the original draft, but RFC4405/6/7 were produced because of all
of the related discussions in MARID. How do you think CEP morphed to
SenderID, PRA and Submitter?
You also had the sparks of getting other ideas moving along like DKIM.
The time was not totally a waste and we learned from it. Synergism.
There was a direction.
Finally, you seem to forget the IESG Note that was added to all four
documents. Skip the link, here it is:
IESG Note
The following documents (RFC 4405, RFC 4406, RFC 4407, and RFC 4408)
are published simultaneously as Experimental RFCs, although there is
no general technical consensus and efforts to reconcile the two
approaches have failed. As such these documents have not received
full IETF review and are published "AS-IS" to document the different
approaches as they were considered in the MARID working group.
The IESG takes no position about which approach is to be preferred
and cautions the reader that there are serious open issues for each
approach and concerns about using them in tandem. The IESG believes
that documenting the different approaches does less harm than not
documenting them.
The community is invited to observe the success or failure of the two
approaches during the two years following publication, in order that
a community consensus can be reached in the future.
The work wasn't so independent and a coincidence that these four docs
inserted the IESG note.
Thanks
--
HLS
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
