Home / Blogs

Something’s Cooking at IETF with Email Authentication

DISCLAIMER: I do not have any inside knowledge regarding this nor have I discussed this with any IETF folks. This is based purely on publicly available information.

A few months ago, Ted Hardie (AD of Applications for the IETF) informed the MARID WG in the closure announcement as follows:

Given the importance of the world-wide email and DNS systems, it is critical that IETF-sponsored experimental proposals likely to see broad deployment contain no mechanisms that would have deleterious effects on the overall system. The Area Directors intend, therefore, to request that the experimental proposals be reviewed by a focused technology directorate. This review group has not yet been formed but, as with all directorates, its membership will be publicly listed at http://www.ietf.org/u/ietfchair/directorates.html once it has been constituted.

IETF Directorates are defined in RFC 2418 as follows:

In many areas, the Area Directors have formed an advisory group or directorate. These comprise experienced members of the IETF and the technical community represented by the area. The specific name and the details of the role for each group differ from area to area, but the primary intent is that these groups assist the Area Director(s), e.g., with the review of specifications produced in the area.

Now the directorates list does not YET list anything on this. However, now comes word from the SPF folks that something is cooking in this area. In an email to the SPF Discuss list Julian Mehnle wrote the following of the recent SPF Council meeting:

Wayne reported that within the IETF, the draft-schlitt-spf-classic-00[6] specification draft had been conveyed to the Directorate for DNS and Email Authentication (DEA), which is working in private by IETF standard policy. The DEA would contact the drafts’s authors, Meng and Wayne, for any questions and comments. Wayne also stated that he had informed all relevant IETF working groups about the draft and that the DNS groups had raised objections, mostly regarding the zone cut default mechanism, but the e-mail working groups had not expressed any disfavor. Wayne said that was working hard on another iteration of the draft.

A quick check at the IETF’s mailing list page reveals a new mailing list called “DEA-DIR” which stands for “Directorate for DNS and Email Authentication”. The list is currently private and being managed by the two ADs for the application area. The list is referenced in an email from Ted Hardie to the SPF-Council’s mailing list dated January 10th, 2005:

DEA-dir is the list Scott and I are using to as a directorate list for folks helping us review these experimental proposals. The list itself is basically there so we can get folks who have committed to reviewing the drafts to share their reviews with each other. There is no need for you two as authors to be on it; Scott and I already know where to find you to ask you questions on your draft. The dea-dir list is closed, so we can keep the discussion focused, but its members have no special status; comments from reviewers on the list and comments from outside the list are treated exactly the same in the standards process. Anyone with a comment on the drafts can send them to the ADs directly.

So, it appears that the IETF is keeping to its promise after all and is proceeding with evaluation of email authentication proposals on the experimental track via this directorate. Of course since very little public information is currently available it is hard to judge what is going on. Hopefully, the IETF will release more information and publish a list of members as promised originally. And while SPF is being reviewing by the IETF, there has been no word to whether Sender-ID is getting the same treatment.

By Yakov Shafranovich, Software Architect & Consultant

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix


Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global