Shepherd writeup
draft-ietf-spfbis-4408bis

Summary

  S. Moonesamy is the Document Shepherd for this document. Pete Resnick
  is the Responsible Area Director.

  draft-ietf-spfbis-4408bis describes version 1 of the Sender Policy
  Framework (SPF) protocol, whereby Administrative Management Domains
  can explicitly authorize the hosts that are allowed to use their domain
  names, and a receiving host can check such authorization.

  The working group was chartered to produce a document as a Proposed
  Standard defining the SPF protocol based upon RFC 4408 (Experimental).

Review and Consensus

 This document is a product of the SPFBIS working group, and has been
 through a large number of revisions including a complete reorganization
 of the document.  The working group dealt with a number of controversial
 topics.  The following outlines how those were resolved:

    There was an intermediate conclusion about the topic of whether the SPF
    protocol should use the SPF RRTYPE or the TXT resource record.  It was
    followed by an objection.  After discussion of the topic at the IETF 83
    SPFBIS WG session the conclusion reached was that the decision would be
    not to publish RRTYPE 99 and not to query RRTYPE 99.  The WG
    consensus about the RRTYPE can be described as particularly rough.  The
    topic of obsoleting the SPF RRTYPE generated a lot of controversy near
    the end of the WGLC.  There was a very high number of messages about
    the topic on the SPFBIS mailing list and the DNSEXT mailing list as some
    DNSEXT WG participants were not aware of RFC 6686.
  
    The topic of whether the SPF protocol has to reject mail or not when
    the result of the evaluation is "Fail" was actively discussed.  It
    was determined that it was a matter of local policy.
    
    There was discussion about standardizing the "best guess" heuristics to 
    guess possible SPF policies for domains that do not publish an SPF record.
    The WG consensus was not to standardize the heuristics.

    The topic of mail forwarding and mailing lists in respect to the SPF
    protocol was not too controversial in comparison with the other
    controversies.  The WG consensus was to have the document discuss
    the topic in a non-normative manner.

    There was some controversy about whether the use of macros was a
    security risk and whether to deprecate the PTR feature.  There was a
    formal appeal of the SPFBIS WG chair's interpretation of the charter,
    specifically regarding the removal of "unused" features.  The two
    features in particular which drove the appeal were the PTR feature
    and the local-part macro feature.  These features were not removed
    from the document given that the appeal was denied by the Responsible
    Area Director.

    There was significant discussion about whether to use the
    "Received-SPF:" header field or whether to use the
    "Authentication-Results" header field to record the results of an SPF
    evaluation.  The working group decided to add both header fields in
    the document as they are in common use.

    There was a suggestion to reorganize the document.  It was argued that
    the document had become somewhat bloated with documentation of nuance
    and other text that has nothing to do with defining a protocol and
    enabling interoperability.  This led to a stalemate.  Based on the
    discussion during the SPFBIS WG session at IETF 85 the WG decided to
    proceed with a reorganization of the document while ensuring that the
    reorganization did not create any text changes apart from moving text
    around.

  There is rough consensus within the SPFBIS WG to publish the document.
 
  There are multiple existing implementations of the SPF protocol.  The
  document was reviewed by the SPFBIS working group.  Dave Crocker,
  Stuart Gathman, Murray Kucherawy, John Levine, Hector Santos,
  Andrew Sullivan, Arthur Thisell, and Alessandro Vesely reviewed the
  document.  Simon Perreault helped to clarify the meaning of IPv4 mapped
  IPv6 addresses.  Murray Kucherawy deserves a special mention for his
  contributions.

  The document was reviewed by Cyrus Daboo on behalf of the Applications
  Area Directorate.  Meral Shirazipour reviewed the document for Gen-ART
  and Phillip Hallam-Baker performed the Security Directorate review.

  I suggest further review of the document from a DNS perspective.

Intellectual Property

  The author confirmed that any and all appropriate IPR disclosures
  required for full conformance with the provisions of BCP 78 and
  BCP 79 have already been filed.

  The working group was informed about an IPR disclosure filed for
  RFC 4408 ( https://datatracker.ietf.org/ipr/1698/ ) before the
  WGLC.  There wasn't any noteworthy discussion about the IPR
  disclosure.

Other Points

  RFC 5598 is already in the DOWNREF registry.  The US-ASCII reference
  is already used in standards track documents.

  IANA action is requested to update the Resource Record (RR) TYPEs
  registry.  The "Received-SPF:" header field is being added to the
  Permanent Message Header Field Registry.  IANA is requested to
  update the SPF Modifier Registry.  The document does not create
  any IANA registries.

  An automated check of the ABNF in Appendix A was performed.

  Id-nits lists a non-RFC2606-compliant FQDN, six non-RFC5735-compliant
  IPv4 addresses and one instance of a private range IPv4 address.
  These warnings can be ignored.  The warning about CFWS is incorrect.
  The reference to RFC 2671 is intentional; the document also
  references RFC 6891.

  Some WG participants have mentioned that they may express extreme
  discontent about the decision to obsolete the SPF RRTYPE during
  the Last Call.