FUD in Meng's "What To Do"
Matthew Elvey
2005-08-23 18:51:12 UTC

While DKIM is clearly gaining momentum, a lightweight (LMAP) solution
(lightweight in terms of
bandwidth, DNS, CPU, user and administrator load) is needed as well,
such as CSV or SPF3. DKIM is not lightweight in terms of
bandwidth, DNS, CPU or administrator load. SPF is not lightweight in
terms of DNS, user or administrator load.
Spread FUD about the edge cases.
None of the approaches are perfect. A message could be for-
warded through a site that does not perform srs and does
not prepend Resent headers; that message could then pass
through an mta that munges the content for perfectly good
reasons. This corner case is a favourite of technical perfec-
tionists who use it to argue that one can never reliably reject
a message based on sender authentication.
I've never seen anyone make this case. It appears that this is
spreading misinformation. The case I've seen made is that while this
flaw (and others) exist in SPF's flavor of sender authentication, it
does not apply to some other authentication systems that fit in an Aspen

I also felt misled after seeing 'CSV' in big letters on the cover, but
found no mention of it in the body of the paper.

I've set reply-to to MXCOMP <ietf-***@imc.org> to try and direct
discussion there.
