Stefano Bagnara wrote:
> I just ran the testsuite r94 against jSPF and all tests pass.
Great. I have an idea how to organize some kind of "SPF seal".
It's possible to submit "implementation and interoperability
reports" to the IESG, they then publish it on an IETF Web page:
<http://www.ietf.org/IESG/implementation.html>
We could create an openspf page with links to the homepage of
the tested implementation, and its published test report, with
some desirable and simultaneous effects:
- Implementors can assert their test results, no "third party"
involved.
- The test report could note which version of the test suite
was used, and ideally it contains a _detailied_ explanation
how the following SHOULD in RFC 4408 is implemented:
| SPF implementations SHOULD limit the total amount of data
| obtained from the DNS queries.
Of course I'm talking about Doug Otis and his "DDOS attacks".
- "We" (SPF project) get the implementation reports "we" might
need to enter "standards track" (guessing, I didn't ask the
"apps" area directors what they think about it).
- The tested SPF implementation gets its "seal of approval" on
the openspf site.
- The remains of the SPF community, um, or whatever, doesn't
need to create some official "test lab" procedure, or find
some institution willing to do this with or without a fee.
Could that work ?
Frank
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/1007/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/1007/
Modify Your Subscription: http://v2.listbox.com/member/?member_id=1311533&id_secret=73718959-8e7ec8
Powered by Listbox: http://www.listbox.com
> I just ran the testsuite r94 against jSPF and all tests pass.
Great. I have an idea how to organize some kind of "SPF seal".
It's possible to submit "implementation and interoperability
reports" to the IESG, they then publish it on an IETF Web page:
<http://www.ietf.org/IESG/implementation.html>
We could create an openspf page with links to the homepage of
the tested implementation, and its published test report, with
some desirable and simultaneous effects:
- Implementors can assert their test results, no "third party"
involved.
- The test report could note which version of the test suite
was used, and ideally it contains a _detailied_ explanation
how the following SHOULD in RFC 4408 is implemented:
| SPF implementations SHOULD limit the total amount of data
| obtained from the DNS queries.
Of course I'm talking about Doug Otis and his "DDOS attacks".
- "We" (SPF project) get the implementation reports "we" might
need to enter "standards track" (guessing, I didn't ask the
"apps" area directors what they think about it).
- The tested SPF implementation gets its "seal of approval" on
the openspf site.
- The remains of the SPF community, um, or whatever, doesn't
need to create some official "test lab" procedure, or find
some institution willing to do this with or without a fee.
Could that work ?
Frank
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/1007/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/1007/
Modify Your Subscription: http://v2.listbox.com/member/?member_id=1311533&id_secret=73718959-8e7ec8
Powered by Listbox: http://www.listbox.com