Mailing List Archive: SPF: Deployment

2822 solutions

Index | Next | Previous | View Threaded

mengwong at dumbo

Oct 26, 2004, 7:23 AM

Post #1 of 3 (3194 views)
Permalink

2822 solutions

On Tue, Oct 26, 2004 at 10:06:12AM -0400, spf2 [at] kitterman wrote:
|
| For myself, I would find it acceptable if there were an unburdened
| alternative for 2822 (or at least a placeholder for it as a scope). Leave
| it to the market to decide only works if there is a real choice. Currently,
| if one wants to work with the 2822 header, there is no choice, only PRA. If
| there were room for a free alternative in the same domain, then I think a
| lot more people would be ready to move on.

Yahoo DK is aimed at this as well, and it's maturing faster
than you think. GMail is already signing all outbound mail
with DK.

I put these slides together last week. They show how 2821
and 2822 solutions can complement each other.

http://spf.pobox.com/slides/motherzombie/

They are informed by recent thinking in the "Unified SPF"
space, which says "check 'em all, may the first pass win":

http://spf.pobox.com/slides/unified%20spf/0429.html

When I say "pass" I mean a dual-pass, requiring both auth
and receiver-policy to work.

http://spf.pobox.com/slides/tokyo-20040929/1420-authpluspolicy.pdf
http://spf.pobox.com/slides/tokyo-20040929/1455-authpluspolicy.pdf

The 2821 vs 2822 breakdown also agrees with the model shown at

http://spf.pobox.com/slides/crossingbeams/0220.html

cheers
meng

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-deployment [at] v2

wayne at midwestcs

Oct 26, 2004, 7:27 AM

Post #2 of 3 (2915 views)
Permalink

Re: 2822 solutions [In reply to]

In <20041026142339.GN6162 [at] dumbo> Meng Weng Wong <mengwong [at] dumbo> writes:

> On Tue, Oct 26, 2004 at 10:06:12AM -0400, spf2 [at] kitterman wrote:
> |
> | For myself, I would find it acceptable if there were an unburdened
> | alternative for 2822 (or at least a placeholder for it as a scope).
>
> Yahoo DK is aimed at this as well, and it's maturing faster
> than you think. GMail is already signing all outbound mail
> with DK.

Ok, so if you think DK is the way to go for 2822, then why are you
advicing people to support the PRA? Especially since you think the
PRA is a terrible idea?

-wayne

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-deployment [at] v2

spf2 at kitterman

Oct 26, 2004, 7:38 AM

Post #3 of 3 (2922 views)
Permalink

RE: 2822 solutions [In reply to]

>-----Original Message-----
>From: owner-spf-deployment [at] v2
>[mailto:owner-spf-deployment [at] v2]On Behalf Of Meng Weng Wong
>Sent: Tuesday, October 26, 2004 10:24 AM
>To: spf-deployment [at] v2
>Subject: [spf-deployment] 2822 solutions
>
>
>On Tue, Oct 26, 2004 at 10:06:12AM -0400, spf2 [at] kitterman wrote:
>|
>| For myself, I would find it acceptable if there were an unburdened
>| alternative for 2822 (or at least a placeholder for it as a
>scope). Leave
>| it to the market to decide only works if there is a real choice.
> Currently,
>| if one wants to work with the 2822 header, there is no choice,
>only PRA. If
>| there were room for a free alternative in the same domain, then I think a
>| lot more people would be ready to move on.
>
>Yahoo DK is aimed at this as well, and it's maturing faster
>than you think. GMail is already signing all outbound mail
>with DK.
>
>I put these slides together last week. They show how 2821
>and 2822 solutions can complement each other.
>
> http://spf.pobox.com/slides/motherzombie/
>
>They are informed by recent thinking in the "Unified SPF"
>space, which says "check 'em all, may the first pass win":
>
> http://spf.pobox.com/slides/unified%20spf/0429.html
>
>When I say "pass" I mean a dual-pass, requiring both auth
>and receiver-policy to work.
>
> http://spf.pobox.com/slides/tokyo-20040929/1420-authpluspolicy.pdf
> http://spf.pobox.com/slides/tokyo-20040929/1455-authpluspolicy.pdf
>
>The 2821 vs 2822 breakdown also agrees with the model shown at
>
> http://spf.pobox.com/slides/crossingbeams/0220.html
>
>cheers
>meng
>
Or one could use the approach defined in:

http://www.ietf.org/internet-drafts/draft-leibzon-responsible-submitter-00.t
xt

as a drop in replacement for PRA without it's associated risks and without
the complexity of cryptographic solutions.

Scott Kitterman

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-deployment [at] v2

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads