SPF Update Working Group (SPFBIS) Minutes Meeting : IETF85, Thursday 8 November, 2012 Location: Room 209, Atlanta, 17:30 to 18:30 Chairs : Andrew Sullivan Minutes : John Levine Version 0.3 Audio: http://www.ietf.org/audio/ietf85/ietf85-209-20121108-1730-pm3.mp3 AGENDA For this meeting, we have only one agenda item: sort out what, if any, from the proposed reorganization we wish to adopt. An important and relevant mailing list thread starts at http://www.ietf.org/mail-archive/web/spfbis/current/msg02872.html The current WG draft is at http://tools.ietf.org/id/draft-ietf-spfbis-4408bis-08.txt A diff of the proposed changes is at http://www.blackops.org/~msk/spfbis/reorg.html Andrew Sullivan chaired the IETF85 SPFBIS Working Group meeting in Atlanta, U.S.A. John Levine was the minute-taker and Tim Draegen was the Jabber scribe. There were 17 people in the room. The Chair brought the new and improved version of the Note Well to the attention of the meeting participants, asked them to sign the blue sheets and bashed the agenda. Andrew Sullivan, as SPFBIS WG Chair, explained that the working group was having the meeting to discuss the proposal for reorganization of draft-ietf-spfbis-4408bis-08. He explained that the proposal seemed to have split the working group. A summary of the SPFBIS discussions about the proposal is available at http://www.ietf.org/mail-archive/web/spfbis/current/msg02962.html The Chair summarized the arguments for the reorganization: (a) People who are new to SPF will be able to follow the document. (b) It seems to be in line with some other standards which the IETF has produced and that will be important for passing the document through the IESG. (c) There was some concerns about some reorganizations in the original RFC. The counter-arguments are: (a) When you move large chucks of text around there is a risk that the meaning could be changed. The argument was dismissed several times on the mailing list. The Chair urged people to take the argument seriously. He mentioned that the DNSEXT WG ran into a problem when it changed the meaning of something in a way which was significant to the protocol. (b) There are many successful implementations of SPF in the field and therefore there is no reason to change the format of the draft. (c) The working already has a draft on which it has been working on. The three questions to be considered at the meeting were: (a) What is the audience of the document? (b) What is the risk of backward compatibility issues if the document is reorganized; what is the risk that the working group will introduce an accidental change? (c) Will the consumers of the document be better served by the reorganized draft or the current working group draft? The Chair considered this question as the bottom line. Murray Kucherawy commented that he does not believe that the audience for the document is current implementers. He mentioned that as work builds up on DMARC there will be some new implementations. He believes that there was a tight-knit community when SPF was developed and that the community is smaller now. The quality of the document needs to be much higher because the audience is not the same as it used to be. He doesn't know how to measure the risk to backward compatibility. He pointed out that he did not face the problem with DKIM. The Chair suggested that one way to test for backward compatibility is to get somebody who has not implemented SPF before to test against the reorganized draft and see whether it is compatible with existing implementations. Scott Kitterman (attending remotely) would like to make sure that the working group is done with all reorganization questions and does not get derailed again. He mentioned that the SPF community is smaller but is still there and willing to help people out. He pointed out that Murray's draft also included some changes which was not just organizational. Murray Kucherawy agreed with Scott Kitterman and said that they have had a discussion about the matter. Dave Crocker thought that it was worth distinguishing between new implementers and new operators. He doesn't think that the document will be relevant to existing folks. He suggested moving the text around and snapshot it as an I-D so that it is in the record and then go and improve the language. He said that things like conflating policy with mechanisms are standard examples of how the document may be confusing to average new readers: Structural clarity seems to make an enormous difference to that. Scott Kitterman commented that the working group agrees on structural changes and can check the details of textual changes later. Tim Draegen commented that the audience for the document are less technical experts and more folks that are coming on board and looking at SPF to deploy. As a trainer he would like to have a cleaner document that he can have his students look up. That is the primary audience in his opinion. He does not think that there is a risk of accidental changes as many people are paying attention to the draft now. The way to avoid that is to rely on reviewing to catch any mistakes. The Chair commented that it would be useful to point if there are any parts in the existing draft that would be problematic. It would then be possible to prioritize which parts of the reorganized document is really important. Tim Draegen listed when does the HELO identifier come into play as an example. Dave Crocker relayed a comment from Kurt Andersen about a +1 for restructuring based on Tim Draegon's position statement related to educational usage. Scott Kitterman commented on Tim's point about the new people trying to figure out how to publish SPF records is an excellent one. It kind of convinced him that there is more of a new audience than he had anticipated before. John Levine commented that there are multiple audiences; one is the programmers who need to know how to build a SPF machine, take a record, process it and return a trinary result; the second audience is people sending mail and wanting to create correct SPF records; a third audience is people taking that trinary result and configure their mail servers to do something. The problem with the current draft is advice to those three groups are mixed together. He would like to separate the algorithmic part from the heuristics part which is basically about what to do with the result. The Chair asked whether there is still work to be done in respect to the reorganization. John Levine replied that he posted comments over a month ago and he does not remember. Alessandro Vesely agreed with what John Levine said. He pointed that there is a confusion about whether any advice in the document is given to the programmer or the configurator. Each implementation takes a different approach the whitelisting or the exclusion or whatever is needed to have SPF make sense. He would like to separate those parts. Alessandro Vesely commented on splitting the document into two separate documents which is the algorithmic and the publishing parts, and the receiver behavior. He asked whether that decision was expected to come out of the meeting. Scott Kitterman (via Jabber) said that if we can get consensus on one thing today, please can it be that we've done all the reorganizing/splitting we are going to do, so we can focus on getting whatever we are going to do done? The Chair stated that he would like the working group to come to agreement on which way it would like to go. Alessandro Vesely replied that he would like to see the document split in two, even if that is more difficult as it requires to interpret concepts that the original document pushes without saying why and how. Murray Kucherawy mentioned that the reorganization makes it possible to split the document but he does not advocate either way. Chris (full name was not audible) said that the reorganization keeps the document the way a normal RFC reads and that it would be easier for somebody he brings on board his team to understand and discuss about the document. Kurt Andersen (via Jabber) said that unless it would help get through the approval process, he would advocate a reorginaztion without a split. John Kelly considered the audience as being new implementers. Risk of backward incompatible changes do exist but he does not see a risk of backward incompatibility. He agreed with Chris about the reorganization. He said that he was 49 split versus 51 not split. He is okay with whatever helps the approval process; if it is a noop, he would go for leave the document intact just for referenceability. Pete Resnick, as Responsible Area Director, commented on the process question: so long as the working group gives him ammunition to fight silliness, he is not worried about getting through Last Call or the IESG Evaluation. He asked whether there is anything specific about the reorganized document which is concerning people. Andrew Sullivan put forward an argument that was made on the mailing list; the reorganization is an opportunity for people who have been trying to make changes to SPFBIS specification to sneak those changes in. He stated that there wasn't any pointer to any place where that has actually happened. He had to discount it as an actual problem as it was a change that he was unable to see. Pete Resnick stated that the comment made by Dave Crocker about doing the reorganization first and doing the changes after that would address the risk of changes being sneaked in. Scott Kitterman (via Jabber) stated that since the document editor is strongly opposed to making such changes, he thinks the risk of it is quite low. In his opinion it was clear that there is a strong lean towards the reorganization in the group and he is okay with that. He thinks that splitting is a bad idea for several reason. He also mentioned that Andrew's discussion of the DNS issue exemplifies one concern about a split. Currently, he has references to specific paragraphs about protocol, policy, and publishing. If it's split into two or more documents, then we lose those deep references and introduce risk of confusion. Scott Kitterman stated that if the consensus is to reorganize, then he is happy to review Murray's diff and make sure it doesn't introduce any inadvertent changes. The Chair, responding to a comment from Alessandro Vesely, mentioned that the idea of a comparison of the reorganized draft is to do a sanity check and any subsequent changes would be changes the working group did intentionally. Pete Resnick commented on the IESG having to review the iSCSI draft which was a 300 page monstrosity. Having the diff, taken after reshuffling paragraphs of the original RFC so that they matched, really made a difference in that case. important for the working group to convince itself that all things are good instead of being concerned about a violation in the SPFBIS charter which restricts changes that can be made to the document. The Chair agreed that there is a value in documenting the changes as the WG is chartered to not alter the specification and it might be asked to prove that it actually didn't. John Levine was okay with not splitting the document. The Chair stated that his impression after hearing the comments about the first question is that the working group has a pretty broad audience for the document. In response to the second question the working group seems to have some procedures to minimize the risk of changes and those sound like they are going to be acceptable. His sense of the room about the third question is that there is a desire to do the reorganization. The Chair asked two questions to take a sense of the room: (i) support for reorganization (ii) not support the reorganization The Chair stated that what he heard from the hums in very support for the reorganization and no opposition. That will be confirmed on the SPFBIS mailing list. The Chair took a hum about: (i) splitting the document (ii) opposed to splitting the document The Chair heard at least two hums in favor of splitting the document. The Chair mentioned that there does not seem to be a strong opinion one way or the other. It was also mentioned that the input from Jabber pointed to people being opposed to splitting the document. The answer is not to split the document. Alessandro Vesely commented that an Applicability Statement for receiver behavior should be experimental, currently. Murray Kucherawy commented that the idea of a second document was: here is what you do with a "pass", here is what we think you are supposed to do with a "fail". He mentioned that there was now obvious resistance to that and he didn't want to get into all the arguments. The Chair took another hum about splitting the document in light of the new arguments which were made: (i) all those in favor of splitting the document (ii) all of those opposed to splitting the document He stated that he heard approximately even in the room for the two options and that, in Jabber, there were nobody in favor and people opposed. The Chair stated for the minutes that the working group will be doing the reorganization but it is not planning to split the document. This will be taken to the mailing list for confirmation. Murray Kucherawy and Scott Kitterman will collaborate on an updated document taking into account the intermediate steps to do the comparison in case anybody gives the working group a hard time later. The Chair asked whether that seems what the working group agreed to today and nobody said no. Pete Resnick, as Responsible Area Director, asked to put the question to the mailing list and ask people to state their objections if they are in favor of a split. Dave Crocker commented that it is unncessary. The Chair, in reply to a comment from Scott Kitterman, commented that the plan is to send a note to the mailing list that outlines the intermediate steps and who is going to take them. Under Any Other Business, Alessandro Vesely had a question about DMARC not to be discussed in the IETF. The question was not discussed further as it was not SPFBIS business. Andrew Sullivan thanked the working group for the productive meeting. The meeting was adjourned at 6:29 p.m.