This is the recent traffic on the #SPF-council IRC channel on irc.pobox.com. Anyone may join the channel, but only council members can talk.

If you do not have access to IRC, you may view the recent traffic at: http://www.schlitt.net/spf/spf-council/now/irc_log.html.

This log can be can be viewed at: http://www.schlitt.net/spf/spf-council/2006/08/05_irc_log.html.

IRC nicknames:
JulianJulian Mehnle
MarkKMark Kramer (asarian-host.net)
SDGathmanStuart Gathman
shewMark Shewmaker
willixWilliam Leibzon
 
freesideMeng Weng Wong
gconnorGreg Connor
grumpyWayne Schlitt

--- Sat Jul 8 16:01:28 UTC 2006 ---
16:01<Julian><SDGathman> Is the meeting on?
16:01<Julian><Julian> I have no idea.
16:01<Julian><Julian> I doubt we're going to reach quorum.
16:13<shew>Do we have quorum?
16:13<shew>Oh. I miscounted.
16:13<Julian>shew + SDGathman + Julian = 3. :-/
16:14<shew>(I saw 7 green with-voice dots and didn't look at the names.)
--- Wed Jul 12 00:01:38 UTC 2006 ---
00:01<freeside>10
00:01<freeside>ahem
--- Sat Aug 5 15:53:12 UTC 2006 ---
15:53<SDGathman>ANything happening today?
15:54<Julian>I know of nothing.
15:55<Julian>No one replied to my proposal to have a meeting today, except for William.
15:55<SDGathman>Hmm, I didn't see an actual meeting proposal.
15:56<SDGathman>I've just been showing up at this time in case I miss one.
15:56<Julian>http://archives.listbox.com/1943/200608/0001.html
15:57<Julian>It was a proposal, not an announcement.
15:57<Julian>There's little point in announcing a meeting if nobody has indicated they were able and/or willing to show up in the first place.
15:58<SDGathman>This Saturday slot is almost always open for me.
15:59<Julian>Sending a quick reply "This Sat, 14:00 UTC is OK with me" isn't hard.
16:00<Julian>I rarely got any reactions when I raised an issue or directly proposed to have a meeting over the past three months.
16:00<SDGathman>I didn't see the proposal.
16:00<SDGathman>My mailbox is inundated.
16:00<Julian>Understood.
16:01<SDGathman>The worst is political messages.
16:01<SDGathman>You send money to a candidate, and next thing you know you get dozens of messages a day from their party...
16:03<SDGathman>They are hoping and praying I will be a full-time activist, I guess.
16:12<Julian>Filtering messages by /^List-ID: <spf-council@v2\.listbox\.com>/ shouldn't be hard, either.
16:12<SDGathman>Yeah, I could move spf-council messages to their own folder - but then I'd have to remember to check it.
16:13<Julian>I always took care that spf-council did not get swamped by unimportant messages so no one would have an excuse not to read spf-council.
16:13<Julian>Oh well.
16:14<Julian>If someone makes things move forward now, we can still make progress.
16:15<SDGathman>I saw a message about a summary that I might have volunteered for.
16:15<SDGathman>Can you refresh my memory?
16:15<Julian>What summary?
16:16<SDGathman>I did the SPF vs SID, and am working on test suite. I don't remember a summary.
16:16*Julian is confused.
16:17<Julian>I wrote two summaries:
16:17<Julian>One for the website transition: http://archives.listbox.com/1943/200607/0014.html
16:17<Julian>And one for the test suite: http://archives.listbox.com/1943/200607/0015.html
16:17<Julian>Not sure if that's what you meant.
16:19<SDGathman>http://archives.listbox.com/1943/200607/0020.html
16:21<Julian>I replied to William "I have no idea" because I wasn't sure what he meant.
16:21<SDGathman>I am happy with the test-suite schema, but I think we should address Wayne's request for an online copy of the zonedata.
16:22<Julian>I don't think he meant the "SPF vs Sender ID" page, though.
16:22<Julian>_Have_ you been working on some kind of summary besides that page?
16:22<SDGathman>No.
16:22<Julian>Didn't think so, either.
16:22<SDGathman>I was hoping someone would step up and do another RFC section or so now that I got the ball rolling.
16:23<Julian>Yeah, I know that feeling.
16:23<Julian>I'm still going to make a formal test suite schema in Relax-NG (probably), but haven't found the time yet.
16:24*Julian is still working on Mail::SPF.
16:24<SDGathman>Do we need to do a naming convention to support an online copy, or is it doable with a script that substitutes domain names inside SPF/TXT records?
16:25<Julian>We need a naming convention in any case, even if we just write a script.
16:25<SDGathman>I hate conventions that aren't automatically checked.
16:25<SDGathman>How about: all domains end in 'example.com'. Then 'example.com' can be replaced with whatever.
16:26<Julian>Do _we_, as the SPF project, want to publish the online version of the test suite? I.e., under the openspf.org domain or something?
16:26<SDGathman>That is what Wayne was requesting.
16:26<SDGathman>Apparently, it is difficult to supply a DNS hook for testing libspf2.
16:27<Julian>I'd prefer if we could decide on the domain management issue first. Even if we decide to change nothing and let Wayne manage the domains' DNS. But some decision should be made.
16:27<Julian>To date, the issue hasn't even been discussed properly.
16:28<Julian>No one besides William and me stated their opinion.
16:28<SDGathman>Wayne should have a designated alternate. He dissappears for long periods. Which is fine - anyone could get run over by a bus. But his alternate should be able to manage things while he is gone.
16:29<Julian>That alternate would have to be hot-swappable.
16:29<SDGathman>Yes.
16:29<SDGathman>Then, if Wayne does get run over, the alternate can take over.
16:30<Julian>Exactly. No offense, Wayne.
16:31<Julian>Anyway, none of the others are here right now. If you do have an opinion, I think it would be more productive to post it as a reply to the thread on spf-council instead of elaborating it here.
16:57<shew>Sorry to be late here.
16:58<Julian>If we paged William now and managed to get him in here, we could even have a meeting, although hardly. /me wonders what's up with MarkK.
16:58<Julian>shew: No meeting has been announced, so you can't be late.
17:00<Julian>How much time does each of you have for a meeting, assuming William shows up within the next hour?
17:02<shew>I have a few hours.
17:02<SDGathman>Same here.
17:02<Julian>Alright, then I'll try to page William. Perhaps he can make it.
17:08<Julian>Paged.
17:17<willix>I'll come back again 2 minutes
17:17<Julian>SDGathman: Oh, now I understood what you mean by "naming convention". Well, I think we don't absolutely need one. The SPF records in the test data could be parsed and all domains could be modified accordingly.
17:18<SDGathman>Right. But it would be easier with a unique pattern to match.
17:18<Julian>I'd feel safer that way, though, rather than with simply doing a s/example.com/example.com.tests.openspf.org/g (globally).
17:19<Julian>Welcome, everybody.
17:19<willix>who is here today?
17:19<Julian>MarkK is still AWOL. I have no idea where he is.
17:19<Julian>Everyone else is here. Behold!
17:22<Julian>Please everyone read the #spf-council log linked to by the topic, as well as the sort-of-meeting-agenda.
17:22<Julian>Say "done" when you're done.
17:23<shew>Done. (And I'm fine with the agenda.)
17:23<SDGathman>Done
17:24<Julian>willix?
17:25<willix>done (mostly)
17:25<Julian>willix: How much time do you have for this meeting?
17:26<willix>up to 3 hours
17:27<Julian>Fine. I certainly hope it won't take us nearly that long.
17:27<Julian>So let's start.
17:28<willix>call meeting to order
17:28<Julian>So be it.
17:28<Julian>0. Julian resigns from the position of council chairman
17:28<Julian>As I said earlier on #spf-council today, I fully understand that this is an all-volunteers operation.
17:29<Julian>And, in case there is a misconception, the council hasn't been elected to do all the work itself.
17:29<willix>I think you need to take this back as you resigned because of meeting and it got organized on Satarday anyway
17:30<willix>besides that as I said before, you should not expect everyone to be available during the summer
17:30<Julian>I don't.
17:30<Julian>Nevertheless, I'd like to ask if someone else would like to take over the job of organizing real-time meetings or organizing the council's business?
17:30<Julian>...in some other way?
17:31<Julian>Perhaps someone else can do better than I.
17:31<willix>you were doing fine
17:31<willix>you had highier expectations of results
17:31<Julian>Lowering my expectations isn't going to lead anywhere. :-|
17:32<Julian>Besides, I don't think my expectations are all that high.
17:32<SDGathman>Julian has had better success than I have trying to organize family meetings.
17:32<willix>I do want to ask what's up with MarkK.
17:32<Julian>As I said, I don't expect any of you to do anything besides being reactive and agreeing to _some_ method of making decisions within the council.
17:32<shew>What about making a few make-work things somewhat easier. For instance, we could set up a schedule of meetings for the rest of the year right now--then it would be incumbant upon objectors to object to specific times in time.
17:33<shew>(I would object to a Sept 2 meeting. Labor day weekend--everyone off doing some vacation-type something in the states.)
17:33<Julian>I have nothing against your suggestion, shew.
17:34<willix>I don't know my schedule until end of the year. But unless I'm traveling I'm willing to make Satarday mornings available
17:34<Julian>I think that making appointments dynamically is more appropriate, but it may be less effective (as can be seen from experience).
17:35<shew>This isn't so much to tell everyone they have to be there as to prod us all into giving objections in time.
17:35<shew>Without Julian having to do so himself.
17:35<willix>Ok. Lets then do it every 2nd satarday same time as now
17:36<shew>Then I object to Labor day weekend. :-)
17:36<Julian>What about this: let's meet on IRC _informally_ every Saturday by default, and if there's something to discuss _and_ at least 4 of us have the time, we can have a meeting. Otherwise we try again the following week.
17:37<shew>Cool.
17:37<Julian>That way we can have meetings when we need them (which would hardly be every week!).
17:37<willix>sound good
17:37<shew>Much simpler idea.
17:37<SDGathman>I agree.
17:37<SDGathman>Proven concept :-)
17:37<Julian>For that to work, you'd either have to idle in #spf / #spf-council most of the time, or at least join at a specific time.
17:38<shew>Will do. (I have not been on the channel much in the past month--I'll change that.)
17:38<SDGathman>I have been joining around noon ET on saturday.
17:38<Julian>FWIW, reading the spf-council mailing list and being reactive would work, too.
17:38<willix>what utc time is it right now?
17:38<Julian>17:38 UTC.
17:39<Julian>willix: Do you change timezones often (e.g. when traveling)?
17:39<willix>ok, is anyone has problems to come to #spf and/or #spf-council between 17:00 and 18:00 UTC?
17:40*Julian is fine with that. He's usually here anyway.
17:41<shew>On an informal basis, no problem.
17:41<SDGathman>Motion: adopt Julian's dynamic meeting plan. Informal meeting every Saturday at 1700 - 1800 UTC, which can become a formal meeting given quorum and agenda.
17:41<Julian>1741u: seconded
17:41<Julian>Votes?
17:41<shew>1741u: Yes
17:42<willix>1741u: yes
17:42<Julian>Great. Let's hope it works out.
17:42<Julian>So ordered.
17:42<Julian>willix: Do you change timezones often (e.g. when traveling)?
17:42<willix>not really that often
17:43<willix>I keep track, my watch has PDT as one timezone always
17:43<Julian>OK, then I'd love it if you could post your timezone (not necessarily your availability times) on http://new.openspf.org/Council_Members/Real-time_Availability .
17:43<willix>my cellphone actually (since I use it as watch)
17:43<Julian>...with a link to www.timeanddate.com, so we can all look up your timezone easily.
17:44*Julian gets confused by the letter timezones (PDT, MEST, etc.) all the time because some of them are ambiguous, and the numerical values are hard to remember.
17:45<shew>Hate to do this, but I have to step away for about 3-4 minutes. (Fortunately the reports section of the meeting doesn't involve votes.)
17:46<Julian>Well, OK, then I hereby retract my resignation as council chairman. I really hope we can get some coordination done in the future.
17:47<willix>great!
17:47<SDGathman>Thank you, Julian.
17:48<Julian>0.5. What about MarkK?
17:48<Julian>I have e-mailed MarkK a small number of times over the last 3-4 months.
17:48<SDGathman>Email is easy to miss.
17:48<Julian>At first I got no reaction, but then he suddenly showed up to one of our last meetings.
17:49<Julian>He admitted that his spam filter had run amok.
17:49<Julian>But I haven't read anything from him since shortly after that meeting.
17:50<Julian>I'm going to try calling him by phone, but other than that I have no idea how to contact him.
17:50<willix>Can we setup email accounts for council members on openspf box?
17:51<Julian>That should be possible, although earbone.openspf.org is running Exim, and I have little idea of how it works.
17:51<SDGathman>Do you mean a forwarding account, or yet another inbox to check?
17:51<Julian>I could ask Wayne.
17:51<willix>No inbox
17:51<Julian>Whatever you want.
17:51<SDGathman>Wouldn't help me.
17:51<Julian>Both should be possible.
17:52<Julian>I agree that it probably wouldn't make any difference.
17:52<SDGathman>I don't want a forwarding account unless it checks SPF... :-)
17:52<willix>The idea is that there would be account that you can relly on for council business, i.e. no case of blaming on spamfilter as with mark
17:53<Julian>I don't think MarkK was seeking excuses.
17:54<willix>Well, we need good way to reach him and get him to participate in council's ativities
17:54<Julian>Anyway, we had a similar situation last year when Meng was absent all the time. We had a hart time reaching quorum, so it was difficult to make some important decisions.
17:55<Julian>I think we should be prepared to replace MarkK as a council member if we don't manage to reach him. No offense, Mark!
17:55<shew>Let's ask him directly the next time we see him.
17:55<shew>That is, ask him how best to reach him.
17:56<Julian>Or we would have to lower the quorum.
17:56<Julian>Yeah, I'll ask him if I manage to get him on the phone.
17:57<Julian>Anyway, what are your thoughts about replacing an inactive council member or lowering the quorum?
17:58<shew>Hmm. I think we covered this in a previous meeting.
17:58<Julian>I remember that, too.
17:59<willix>I'm not thrilled but we could have a rule that if somebody does not show on any council meeting in 3 consequitive months, then other council members can vote to have that person replaced
18:00<SDGathman>Despite Julian's frustration, we *have* managed to have enough meetings.
18:01<Julian>I propose the following plan: I'll try to reach MarkK over the next two weeks, and if I haven't succeeded by Sat 2006-08-19 or our next meeting (whichever comes later), we (1) make a formal rule and (2) apply it to MarkK.
18:01<Julian>(That's not a formal motion.)
18:02<Julian>Is anyone against that?
18:02<willix>The thing is I have some reservations due to this being summer time, can you try to reach him up to first days of September and then we decide
18:03<Julian>Well, yeah, we can extend the deadline.
18:03<willix>i.e. give it another month instead of 2 weeks
18:03<SDGathman>Which reminds me, Aug 19 is Linux birthday party.
18:03<SDGathman>I was planning on attending locally at the park.
18:03<Julian>I'll be unavailable on the weekend of 2006-09-01..03.
18:04<shew>Me too. :-)
18:04<Julian>So, assuming we set the deadline to Sat 2006-09-09, is anyone against said plan?
18:04<shew>( :-) since I had mentioned it before.)
18:05<shew>Basically I'd want this to be compatible with the previous consensus that I can't quite remember.
18:06<Julian>There are no meeting minutes (yet), so we'll have to look it up in http://www.schlitt.net/spf/spf-council/ ...
18:07<shew>Not hit on "absen".
18:07<willix>May
18:08<Julian>We aren't going to make a formal resolution on this today, so there's probably no hurry in researching what our previous conclusions were.
18:08<willix>The discussions were on May 06 meeting
18:08<willix>there was no consensus on what to do then either
18:08<Julian>http://www.schlitt.net/spf/spf-council/2006/05/06_irc_log.html#20060506T1825
18:12<Julian>Anyway, I see no objections to the modified plan... Let's bring up the issue again later, at one of our meetings on or after 2006-08-19. Then I'll have had a chance to try to call MarkK.
18:12<Julian>Not good.
18:13<Julian>willix: Thanks for amending http://new.openspf.org/Council_Members/Real-time_Availability !
18:14<shew>Okay. I'm fine with the make-rule-on-8/19 plan. (Apparently in May we also tabled the discussion.)
18:14<Julian>shew: Yeah, and MarkK resurfaced up shortly after that meeting.
18:14<Julian>s/up//
18:15<Julian>Alright, now we're finally at agenda item 1.
18:15<Julian>1. General reports
18:15<Julian>I don't remember what to report, besides the website, the test suite, and my work on Mail::SPF.
18:16<Julian>I'd be very much interested on a summary of the policy discussions on the ietf-dkim mailing list, though! Can the discussion be summarized in less than ~5 sentences?
18:17<Julian>Or, more importantly, has anyone here followed the discussion over the past week in the first place?
18:17<shew>I haven't.
18:17<willix>I've tried but there are many messages
18:17<Julian>Yeah, a huge lot!
18:18<Julian>SDGathman?
18:18<SDGathman>I haven't tried.
18:18<Julian>OK. Too bad. I think ScottK followed the discussion at least in part.
18:19<Julian>I saw that Hector Santos and one or two other spf-discuss regulars has been participating in the discussion.
18:19<shew>My report is very short, given that I've been almost awol on my spf-ish responsibilities. :-/ However, from my day job working for an ESP, I can see that the lack of a readable website is hampering a lot of folks' understanding of SPF. So in other words: Please feel free to prod me on website work.
18:19<willix>There is no consensus there with what appears to be gwo groups one for minimum or no policies (John Levine, Dave Crocker) and one for fairly compherehsnive policy system (Hector, me, Bill Oxley probably, etc)
18:20<Julian>What does "comprehensive policy system" mean?
18:20<willix>The biggest issue for DKIM is its inability to properly deal with mail-lists and not consensus on how to translate it into policy rules for 3rd signers
18:21<Julian>Does this "comprehensive policy system" that has been proposed cover only DKIM signatures? Or more than that?
18:22<willix>See Hector's DSP proposal
18:22<willix>Only DKIM
18:22<willix>Phillip proposed working on something a lot bigger (which to a degree I agree with) but there is probably not enough interest to go that route
18:23<Julian>I think we should ask those spf-discuss regulars who participated in the ietf-dkim debate to summarize it for us on spf-discuss.
18:23<willix>You cn assume for now that DKIM policy record is not going to collide with SPF.
18:24<willix>Except for reuse of TXT record of course
18:24<Julian>I am planning to make some advancements on SPFv2.5 after I finish the first one or two solid releases of Mail::SPF (which might happen within the next 2-3 weeks.
18:24<Julian>)
18:24<Julian>IOW, I intend to write a very rough draft spec.
18:25<Julian>Then we can see the potential merits and decide whether we want to continue the work on it.
18:26<Julian>Could one of you write a message to spf-discuss later this weekend asking for a summary of the policy debate on ietf-dkim?
18:26<willix>The discussion on it will need to happen on spf-discuss though
18:26<Julian>Agreed.
18:28<willix>this is not an official council request, so you should feel free to just ask as member of spf-discuss yourself (either me or Scott or both will end up answering you)
18:29<Julian>OK, will do.
18:29<Julian>Anything else from the past weeks/months that's noteworthy?
18:30<shew>Is this the right place to talk about the online-versus-offline sort-of-debate?
18:30<shew>for the validation test suite data
18:30<Julian>No.
18:30<willix>I was at IETF as you know
18:30<Julian>SDGathman: Any news from your end?
18:31<Julian>willix: Ah. Anything interesting? :-)
18:31<willix>One of the issues that we may want to address later is that IETF is working on email internatialization
18:31<Julian>I think I read something about that. I don't know the details, though.
18:31<willix>So domains may not necesarily endup being ASCII in the future
18:31<SDGathman>I did 3 sections for the test suite.
18:32<Julian>Reports on the website and the test suite are due in a few minutes.
18:32<SDGathman>domains will still be ascii - just coded like email headers are now.
18:32<Julian>Oh no.
18:32<Julian>RFC 2047 is one of the most brain-dead inventions I have ever seen.
18:32<willix>No, email header is going to be UTF8 and so will mail session addresses
18:33<SDGathman>Ok, coded 8-bit.
18:33<SDGathman>That is a little better than coded ascii.
18:34<Julian>Punycode is the second worst invention.
18:34<willix>If this gets much further I'll bring it up on spf-discuss, I'm on IMA mail list (ima@ietf.org - EAI WG)
18:34<willix>Anyway, lets discuss this particular issue later because its rather non-trivial
18:34<Julian>I think SPF is on the safe side wrt. forward compatibility as we only allow ASCII for now. So we are free to define new semantics for non-ASCII bytes.
18:34<Julian>Right.
18:35<Julian>2. Press release?
18:35<Julian>This was from the days shortly after we made our last news announcement on spf-announce.
18:36<Julian>I think there's no point in trying to make a press release now.
18:36<Julian>But perhaps we should work on another news announcement?
18:36<willix>We should announce when new website goes live
18:36<Julian>Please send all news ideas to spf-council. We'll collect them and then see if we can make an interesting announcement.
18:37<shew>I agree with willix.
18:37<Julian>That concludes "2. Press release?".
18:37<Julian>I agree as well, but still, please send news ideas to spf-council.
18:38<Julian>3. The new website
18:38<Julian>I compiled a short report and sent it to spf-council: http://archives.listbox.com/1943/200607/0014.html -- please read it now if you haven't already.
18:39<Julian>Say "done" when you're done.
18:41<SDGathman>done.
18:42<shew>done
18:42<willix>I went to http://archives.listbox.com/1996/200606/0026.html
18:42<willix>Can we have message on the webmasters list which lists old page and new page so everyone would compare?
18:42<SDGathman>We need a FAQ entry on SASL SMTP and Outlook.
18:42<SDGathman>I don't know the answers myself.
18:43<Julian>willix: All the old pages that have a corresponding new page have already been replaced with a Redirect to the new page.
18:43<Julian>SDGathman: Could you write just the question(s) on a FAQ page?
18:43<Julian>Then maybe someone else can write in the answers.
18:44<SDGathman>Where do we annouce that we are going to work on a page, and where do we report that we are done, and what the WIki name is?
18:44<willix>Ok, so that message (1996/200606/0026.html) lists pages that have not been replaced, right?
18:44<Julian>SDGathman: Post to spf-webmasters.
18:45<Julian>Like, "I'm going to transition the page 'foo' and will name it 'Foo Foo'."
18:45<Julian>willix: Right.
18:45<willix>that's is considerablly more then i expected...
18:45<Julian>Well, much of the stuff isn't really that important.
18:46<shew>I'll have time this coming week to do website work.
18:46<SDGathman>Can we ditch the annoying pictures?
18:46<Julian>Remember, being on the council doesn't imply doing all the work. Ask for help on spf-discuss etc.! (Of course that doesn't guarantee that anyone will actually do help.)
18:46<Julian>What pictures?
18:47<SDGathman>THe random smiling people.
18:47<SDGathman>http://www.openspf.org/whatdoes.html
18:48<shew>As a side note, the front page of the new site looks far to "busy" to me. (I'll put together suggested alternate front page on another page.)
18:48<shew>far too "busy", that is.
18:50<Julian>I think we should do away with the random images.
18:50<shew>Me too.
18:50<Julian>shew: Please do make an alternative front page. I like it as it is now, but that doesn't mean it can't be improved.
18:51<SDGathman>Good. We should keep any logos and trademark images.
18:51<shew>Maybe there's an artist-type on spf-discuss who would be good at drawings that fit in with the pages.
18:51<willix>We should just ask
18:51<Julian>Ask on spf-discuss if you want.
18:52*Julian is trying to avoid additional work at the moment as he is still working on Mail::SPF in order to get the new record wizard and "why" page done.
18:52<shew>Let me think on the needs more and I will do so.
18:53<Julian>(Besides there's the organizational work I have been doing.)
18:54<Julian>Oh, I extended the "Contact" page <http://new.openspf.org/Contact> to roughly include the non-history stuff from the old media page <http://www.openspf.org/media.html>.
18:54<SDGathman>Executive summary has lists of companies that support SPF. How should those be updated?
18:55<SDGathman>I suppose that is important info for management types.
18:55<Julian>I think those should be dropped. Our company contacts aren't sufficient for maintaining such a list.
18:56<Julian>Or do you mean the well-known domain names that have SPF records?
18:57<Julian>Perhaps we can compile a list of product vendors from the implementations page <http://new.openspf.org/Implementations>?
18:57<willix>At best we can provide page where people representing different companies and organizations can post quick summary about their use and/or support of SPF
18:57<Julian>We can do that. The wiki software allows making certain pages r/w for everybody.
18:58<Julian>I'm not sure, though, whether that's necessary for the corporation types. If they want to be listed, they are usually very willing to fill in a contact form or send us a mail.
19:01<SDGathman>What is the deal with the logos page: http://www.openspf.org/misc.html
19:02<SDGathman>Are yoiu supposed to download the big image, and crop your selection?
19:02<Julian>No, I think those are actually several separate, smaller images.
19:03<SDGathman>Ok, just confusing presentation on my browser.
19:03<SDGathman>Looking at the page source, I can see that.
19:03<Julian>OK, any more comments on how the website transition should be organized?
19:04<shew>Can we set a deadline for ourselves?
19:04<Julian>(I think the composition of the logos on the old page is pretty clever. We should keep that composition.)
19:04<shew>Say it will be official by some specific time?
19:04<Julian>We can, but I'm far from convinced that a deadline would do any good.
19:05<Julian>There aren't a lot of people working on the website (that is, almost no one). Setting a deadline won't change that.
19:05<shew>Okay.
19:05<SDGathman>I will do two pages this week end.
19:05<shew>Then I'll spend some time this coming week.
19:07<Julian>I have one last comment: I originally planned to use the existing Mail::SPF::Query for the new record wizard and "why" page, but then I decided to finish Mail::SPF and use that instead, because Mail::SPF::Query is a mess internally and it wasn't designed to do record synthesis or anything besides mere record checking. The old record wizard and why page only achieve what they do by fiddling with M:S:Q's internals, and I really
19:07<Julian>want to avoid that.
19:08<willix>So what is your comment besides that it's a mess?
19:09<Julian>If I touch the wrong sub or variable among M:S:Q's guts, a xenomorph <http://en.wikipedia.org/wiki/Xenomorph_(Alien)> is going to hatch within M:S:Q's chest and kill me.
19:09<Julian>I just wanted to explain why I decided to use the yet-unfinished Mail::SPF instead of the already-finished M:S:Q.
19:10<Julian>So, let's move on.
19:10<Julian>"4. The test suite"
19:10<willix>BTW - do you mind if when you fishin with Mail::SPF I "translate" it into PHP?
19:11<willix>finish
19:11<Julian>SDGathman: Can you give us a short report beyond what's already mentioned in http://archives.listbox.com/1943/200607/0015.html =
19:11<Julian>?
19:11<SDGathman>Informal YAML schema published.
19:11<Julian>(willix: Not at all, of course. Mail::SPF will be released under the Artistic license and GPL.)
19:11<SDGathman>Sections 4.3 - 4.5 commited to svn
19:12<SDGathman>Test driver for pyspf commited to contribs directory in svn.
19:12<Julian>(Ah, no, strike that. Mail::SPF will be released under the BSD license.)
19:13<Julian>I can add that I am planning to do a formal test data schema in Relax-NG (probably) shortly.
19:14<Julian>FYI, the test suite's project page is at http://new.openspf.org/Test_Suite
19:14<SDGathman>After a discussion with Julian, the test suite targets implementations that check both SPF and TXT records, or SPF records only. However, it is designed so that a test driver can duplicate SPF records to TXT records for use with TXT only implementations.
19:17<Julian>I commit to creating the formal test data schema and a Perl processor by coming Thursday.
19:18<Julian>("processor" meaning just "parser" for now.)
19:18<SDGathman>In addition to two web pages, I'll do another section or two of tests.
19:18<Julian>SDGathman: Perhaps you should ask for help more concretely on spf-discuss, like, "can someone please do section X?".
19:18<SDGathman>I looked at translating wayne tests, but they depend on a default explanation - which we decided not to implement.
19:19<Julian>s/spf-discuss/spf-discuss and spf-devel/
19:19<Julian>Yeah. But we can still use the points that Wayne's tests are making.
19:20<Julian>..but maybe it's simpler to just read the spec and write tests off the top of one's head.
19:20<SDGathman>We need both.
19:20<SDGathman>The rfc-4408 suite is specifically from reading the spec and writing the obvious tests.
19:21<Julian>Yeah.
19:21<SDGathman>However, wayne's suite represents practical experience - just needs translating and updating.
19:21<SDGathman>I included the pyspf suite, but it is tiny.
19:22<Julian>Is it tiny originally, too?
19:23<SDGathman>Yes, I originally tested pyspf against wayne's suite, but started a new suite because of the cumbersome format of wayne's.
19:24<SDGathman>We need someone to write a test driver for libspf2.
19:24<Julian>BTW, I think we should try to get Wayne to write an adapter for libspf2 that reads online test data. It may not be trivial, but libspf2 is still one of the best SPF implementations that are out there, and we should be able to state how compliant it is.
19:24<Julian>Uh, right. :-)
19:24<SDGathman>If YAML is a problem, I can export the suite as my extended BIND syntax.
19:25<willix>extended?
19:25<SDGathman>Uses TEST class (as opposed to IN) to hold test fields.
19:26<SDGathman>E.g.
19:26<SDGathman>test1 TEST HELO mail.example.com
19:26<SDGathman>TEST MAILFROM foo@example.com
19:26<SDGathman>...
19:26<Julian>Norman Maurer, one of the authors of jSPF, asked on spf-devel (on 2006-07-25) for the test suite. I think he's awaiting the test suite eagerly.
19:27<Julian>If we could manage to get the new website and the test suite done in August, that would be awesome!
19:27<SDGathman>I emailed him when I commited sections 4.3 - 4.5. I hoped he could check that a driver was easy enough for jSPF.
19:27<SDGathman>I haven't heard back.
19:27<Julian>So far, so good. Any other issues wrt the test suite that should be discussed now (vs. on spf-devel)?
19:28<Julian>So let's move on to the next item.
19:28<Julian>5. Making other progress on the project agenda?
19:28<Julian>http://new.openspf.org/Project_Agenda
19:29<Julian>We're currently working on items 2 and 3. Both may be finished soon.
19:29<Julian>#4 is "Update the list of library implementations, determine their states, and determine if one of them can be blessed as reference implementation immediately".
19:29<Julian>That should be a lot simpler as soon as the offline and online test suite is done.
19:30<willix>so we should postpone this for now
19:30<Julian>We might want to set up a small "certification program" in order to get implementations certified as compliant.
19:31<willix>again - we need test suite first
19:31<Julian>Like, "if you want your software to be certified by us, demonstrate that it passes the test suite".
19:31<Julian>Agreed.
19:31<Julian>#5 is "Update the report on MTA support and get SPF into more MTA distros (in core or as plugins)"
19:32<Julian>(I'm just trying to look a bit into the future.)
19:32<willix>BTW - we should consider making announcement about test suite together with website
19:32<Julian>Yes, definitely.
19:32<willix>in that case having info about this certification program on website together with news about testsuite would be ideal
19:32<Julian>About #5, I think we made some small progress with Exim in Debian now having SPF support included.
19:34<Julian>We will have to develop a more scientific approach in measuring the degree of SPF support in MTAs and OSes.
19:35<Julian>Like, setting up a few tables, measuring the degree of compliance, compare "native support" vs. "support using a module/policy-daemon/etc." and so on.
19:35<Julian>(That also covers #6.)
19:36<SDGathman>SPF compliance only covers SPF results.
19:36<Julian>About #7, "Start a grassroots "Spread SPF!" campaign to get in touch with domain owners and ESPs/ISPs.", I would really love to start that campaign before the end of this year, because I think it is really needed. But it needs some solid conceptual work.
19:36<SDGathman>MTA policies regarding rejecting/filtering mail are not our job to judge.
19:37<Julian>And I think such a campaign would run better if work on SPFv2.5 was already begun. And there's no consensus about another SPF revision (and whether to do it in the first place) yet.
19:37<SDGathman>Or should we also critique MTA policies related to SPF?
19:37<Julian>So, those are my thoughts on the agenda. Please speak your minds.
19:37<shew>Spread-spf definitely depends on 2-5.
19:38<Julian>Agreed on 2-4. What about #5?
19:38<Julian>The campaign could include a call to implement/distribute.
19:38<shew>True. 5 is iffy. But either way--it can't proceed until we have an updated official web site at the very least. :-)
19:38<shew>I mean, the dependency on 5 is iffy.
19:38<Julian>No question.
19:38<Julian>:-)
19:40<willix>I think we should continue our focus on website and test suite and once ready reaccess todo list making more detailed proposals
19:40<Julian>Agreed.
19:41<Julian>Sooner or later we should ask ourselves if there is a need to modify the project agenda?
19:41<Julian>I think the current agenda is still fine.
19:42<shew>So anything left on this area?
19:43<shew>#5-project-agenda?
19:43<shew>(Stepping on Julians toes here possibly.)
19:43<Julian>SDGathman: "Or should we also critique MTA policies related to SPF?" -- Why not? Well, it's a matter of time available. If someone thinks there's something wrong, then we should mention that in our reviews.
19:43<Julian>shew: Keep stepping on my toes. It's not a problem.
19:44<Julian>OK, it seems there are currently no further issues wrt. the project agenda. I didn't expect otherwise.
19:45<Julian>I think we can drop "7. Establishing a legal entity for the SPF project?" for today, but...
19:45<Julian>"6. openspf.* domain name service?" we should discuss!
19:45<SDGathman>Julian: policy critique. There are two levels. correct SPF result is a well-defined. Good policy is a judgement.
19:46<Julian>SDGathman: I understand. Still, some policy my be just plain wrong, so if it comes up, we should point it out, I think.
19:47<Julian>Regarding the openspf.* domain name service, has anyone NOT read the very short thread on spf-council? http://archives.listbox.com/1943/200607/0016.html
19:47<Julian>Say "done" if/when you have read it.
19:47<willix>Regading legal entity, I still think we should seriously discuss entrusting spf domains to established open-source entity
19:48<Julian>(willix: Yes, but I fear we'll run out of time for today.)
19:48<willix>Have it available on the agenda for when we have some other meeting and have more time
19:48<Julian>Will do.
19:49<shew>cool
19:50*Julian points to said thread about the domain names issue. Read it?
19:50<shew>done
19:50<SDGathman>done
19:51<Julian>William already participated in the thread so he knows what it's about.
19:51<Julian>What do you think?
19:51<SDGathman>For option A, commercial secondary service is cheap.
19:52<willix>Is there need to do something right now (within next month)?
19:52<shew>Just to be clear: Is this really a question of how to have a safe way to keep the openspf* domains under long-term control of the project, and minimizing the risk of domain hijacking?
19:52<SDGathman>Shew: there are two goals.
19:52<SDGathman>One: allow needed changes to be made when Wayne is AWOL.
19:53<SDGathman>Two: keep the result reasonably secure against unauthorized changes.
19:53<willix>shew: keeping domains under control and minimizing risk of hijacking is what I mentioned above regarding entrusting them to another organization
19:53<Julian>I think there is no _immediate_ need to change the situation.
19:54<shew>My understanding is that SDGathman's point two is the harder then.
19:54<willix>Then I'd rather combine discussions on entrusting domains and nameservice
19:54<SDGathman>I prefer option A.
19:54<Julian>One occasion for when a change might be good is the test suite's online release.
19:54<shew>Entrusting them to another organization means changes would be slower and more cumbersome, but risk would be smaller.
19:55<SDGathman>There are two levels: domain registration and name service.
19:55<Julian>There are two separate levels of control: whois admin-c control and DNS control.
19:55<shew>Right.
19:55<Julian>Heh...
19:56<SDGathman>Whoever has registration can switch away from a hijacked name server.
19:56<SDGathman>Or switch to a new name service should maintainer go AWOL.
19:56<shew>On hijacking, I was thinking of admin-d/whois control.
19:57<Julian>I think we should leave registration with Wayne unless moving the domains to a trusted organization is really, and concretely, a superior alternative.
19:57<SDGathman>Ok.
19:57<SDGathman>But we need a way to make DNS changes when wayne is gone.
19:57<shew>Wayne was awol recently though.
19:58<shew>I would think both A and B together would make sense.
19:58<willix>5 years ago when my relative died during mountain claim, we've had serious issue with how to properly transfer domains maintained for couple fan sites to somebody else
19:58<Julian>What Wayne's suggestion (B) was about is that DNS control could be left with GoDaddy's systems and that he would turn login information to the DNS control panel (not whois control) over to someone else.
19:58<SDGathman>So a name server controlled by delegates is needed.
19:58<Julian>...as opposed to moving DNS control to separate non-GoDaddy servers entirely.
19:58<willix>for organized activity with multiple people involved and many relaying on it, it is a lot better to have domain in the hands of organization with multiple people available
19:59<shew>I would prefer an eventual domain transfer to an account controlled by spf council members, with all of the password holders pledging to cede control to the then-current council. (So if there are ever any disputes, we have intent in writing somewhere.)
20:00<SDGathman>If the contact email (used to reset password) is left in control of Wayne, then he could make the admin password for the DNS account available to spf-private.
20:00<SDGathman>Or selected delegates.
20:00<SDGathman>I agree that making spf-private the contact email for the DNS account is a bad idea.
20:01<Julian>About admin-c control, I think there's currently no need to change the situation. But I'd really like to see a change in the DNS control.
20:01<Julian>We can discuss at a future meeting what to do about admin-c control.
20:01<willix>Regarding DNS - I'd rather it be separate dns all secondary and either controlled by council members (I have like 10 available dns servers in different ip blocks) or other trusted volunteers
20:01<SDGathman>Agreed. (Does admin-c mean domain registration?)
20:02<Julian>Besides, in order to be able to discuss admin-c control comprehensively, someone would have to contact some trusted orgs first.
20:02<willix>Primary dns zone would be mainained on the openspf machine
20:02<willix>and anybody from council would be able to change that
20:02<Julian>SDGathman: The admin-c is the person who owns the domain, so, yes, this means registration.
20:03<willix>Julian: admin-c is not the person who ownes the domain
20:03<Julian>Yeah, there's owner-c, admin-c, and tech-c. Owner-c owns the domain, but admin-c has full powers...
20:03<willix>except for changing owner-c
20:04<Julian>I meant with regard to DNS. Sorry for being imprecise.
20:04<willix>owner-c can change admin-c however
20:05<willix>Regarding trusted organization, I can volunteer to contact Apache Foundation
20:05<Julian>Back on topic, is it really a good idea to maintain the primary zone info on earbone.openspf.org? I see no technical problems, but it could be a security issue.
20:05<Julian>At least Wayne raised concerns about that...
20:06<SDGathman>It would be better to put it in a commercial DNS server with password available to spf-private.
20:06<Julian>Personally, I think that it should be possible to run the zone primarily on earbone after a medium security audit of earbone.
20:06<SDGathman>The email account used to reset password should *not* be spf-private, however.
20:07<willix>ok, so we should maintain an extra rsynced copy of the zone somwhere else
20:07<SDGathman>Willix, YES
20:08<Julian>willix: Please do contact the ASF!
20:08<Julian>It's good to know what options we have wrt. domain registration.
20:09<shew>I can be one of the secondaries if you like.
20:09<Julian>OK, who here thinks that earbone should NOT be used as the primary?
20:09<SDGathman>I think earbone should NOT be used as primary.
20:10<Julian>Personally, I am undecided. I don't think that earbone is particularly insecure. Only few people have accounts, and only Wayne and I have root, though.
20:10<shew>I am ambivalent. What are the reasons against? (I assume that it's set up securely--chrooted and running as it's own user.)
20:10<willix>I'm actually undecided too. All I said is that somebody should keep extra copy of the zone which is not automaticly xfered but instead regularly rsynced manually with source control revisions
20:11<SDGathman>When possible, I like to keep independent functions independent. No sense in giving away the store with one crack.
20:11<SDGathman>Keeping rsync copy would be more difficult with commercial DNS - that is a point for using earbone.
20:11<Julian>Good point, SDGathman. I think we have access to enough other machines of our own, though, so we shouldn't have to resort to commercial DNS service.
20:12<Julian>Commercial service costs money and isn't at all guaranteed to be maintained more competently than among ourselves, I guess.
20:13<Julian>The only advantage I see with a commercial service is that the equivalent of "root" could be shared among all council members.
20:13<Julian>Shared control is important, though, or we'd be no better off than now.
20:14<Julian>Thoughts?
20:14<SDGathman>Don't need root access. Can configure named to allow zone modification for users in 'named' group.
20:14<willix>some commercial dns services are actually free for 1 or 2 domains
20:15<SDGathman>Reload is triggered by rndc which uses cookie - which can also be group readable.
20:15<Julian>SDGathman: Zone modification yes, but doesn't the name server have to be reloaded?
20:15<Julian>Ah.
20:16<Julian>willix: If you know services that are free _and_ good, please propose them to spf-council, ok?
20:16<shew>rndc/xrdnc don't require root, and neither does editing a zone file.
20:17<Julian>(BTW, I'm about to move my domain serving away from BIND to PowerDNS.)
20:17<willix>everydns, zoneedit
20:17<shew>I see no reason against moving primary dns to earbone, as long as it's done securely. I do have a bias against commercial services, but that may be an irrational bias.
20:17<Julian>willix: I meant spf-council, the mailing list.
20:17<willix>ok
20:18<Julian>willix: ...so we can evaluate those services without hurry.
20:18<SDGathman>In the case of single function services (e.g. DNS), commercial can be pretty good and low cost.
20:19<Julian>Ok, so let's collect candidates for a commercial service on the spf-council mailing list. I suggest that other plans be presented there, too, like hosting on earbone, or hosting on other machines of ours.
20:19<SDGathman>The main drawback to commercial that has been raised is difficulty of doing rsync backup.
20:20<Julian>Limited control may be in issue with commercial services, too. Who supports the SPF AKA TYPE99 RR type?
20:20<SDGathman>A zonetransfer backup could be ok if it is versioned so hijacks can be detected.
20:21<Julian>It may be a good idea to host the tests.openspf.org zone on earbone in any case. It could be delegated from somewhere else.
20:21<willix>by default xfer with named is not versioned, I had done some simple scripts to do it with cvs though
20:21<willix>running through cron
20:23<Julian>So is the plan of collecting commercial services and individual hosting proposals on the spf-council list a good one?
20:24<willix>yes, its fine
20:24<shew>I'm, uhm...still not sure of why earbone is not acceptable.
20:24<shew>I have no objection of all these proposals, but it seems..overkill.
20:24<Julian>_I_ don't think it's not accceptable.
20:24<Julian>I can send a proposal regarding earbone to spf-council.
20:24<shew>of people proposing things to spf-council that is.
20:25<shew>That's cool.
20:25<Julian>So let's all try to submit an idea or two, and conclude today's meeting, ok?
20:25<shew>Okay.
20:25<Julian>Just in case: Does someone want to quickly discuss another issue?
20:26<willix>We're quite late
20:26<shew>Nothing else here.
20:26<Julian>willix: I'm aware of that. We had quite a backlog of important issues.
20:26<Julian>Motion: Adjourn the meeting.
20:27<Julian>(2026u)
20:27<willix>seconded
20:27<Julian>Votes?
20:27<Julian>yes
20:27<shew>2026u: yes.
20:27<willix>2026u: yes
20:27<SDGathman>2026u: yes
20:28<Julian>The meeting is hereby adjourned. Thank you, gentlemen!
20:28*Julian is really happy that we managed to get up to speed again.
20:29<willix>So next satarday at 17:00 UTC, we try to meet again, right?
20:29<shew>Great. :-)
20:29<shew>yup.
20:29<Julian>The more issues we can handle on the spf-council mailing list, the fewer/shorter the real-time meetings we need.
20:29<Julian>I'll be there.
20:31<willix>Julian, BTW can you email spf-council regarding email with your resignation
20:31<Julian>Yes, I'm writing that message right now.

This report was generated at Sun Aug 6 00:00:00 UTC 2006.