This is the recent traffic on the #SPF-council IRC channel on irc.pobox.com. Anyone may join the channel, but only council members can talk.
If you do not have access to IRC, you may view the recent traffic at: http://www.schlitt.net/spf/spf-council/now/irc_log.html.
This log can be can be viewed at: http://www.schlitt.net/spf/spf-council/2007/01/13_irc_log.html.
IRC nicknames:
| Julian | Julian Mehnle |
| MarkK | Mark Kramer (asarian-host.net) |
| SDGathman | Stuart Gathman |
| shew | Mark Shewmaker |
| willix | William Leibzon |
| freeside | Meng Weng Wong |
| gconnor | Greg Connor |
| grumpy | Wayne Schlitt |
| --- Sun Dec 16 17:14:28 UTC 2007 --- | ||
| 17:14 | <SDGathman> | Hello? |
| 19:06 | <Julian> | I just got back. |
| 19:07 | <Julian> | No one pinged me. |
| 19:16 | <shew> | Hello. |
| 19:19 | <Julian> | hi shew |
| 19:20 | <Julian> | Now if we just got MarkK or William (I wonder where he is). |
| 19:20 | <Julian> | I think I'm going to have dinner now. Ping me if at least one of them arrives. |
| --- Sat Jan 13 16:35:53 UTC 2007 --- | ||
| 16:35 | <Julian> | Howdy. |
| 16:37 | <SDGathman> | Hello |
| 17:05 | <Julian> | Hrrrm... |
| 17:11 | <Julian> | *sigh* |
| 17:22 | <SDGathman> | Nobody coming? |
| 17:23 | <Julian> | I'm wondering, too. |
| 17:47 | <Julian> | Well. I'm off on a quick shopping for ~25min. Perhaps the rest of the council shows up after that... |
| 18:20 | <Julian> | Uh? |
| 18:37 | <Julian> | hi willix |
| 18:37 | <willix> | hi |
| 18:37 | <willix> | I'm early, right |
| 18:38 | <Julian> | No, you're late. :-) |
| 18:38 | <Julian> | UTC seems to be a difficult concept. ;-) |
| 18:38 | <SDGathman> | No, daylight savings time is a complex and annoying concept. |
| 18:38 | <Julian> | Right. But there's no DST at this time of the year. |
| 18:39 | <SDGathman> | That is what is annoying to keep track of. |
| 18:39 | <willix> | so the meeting concluded today? |
| 18:39 | <Julian> | There hasn't been a meeting yet. |
| 18:40 | <willix> | hold on, what time was it scheduled for? |
| 18:40 | <SDGathman> | DST is annoying to farmers (cows don't change their clocks). It is annoying to office workers. It only made sense for factory workers with natural lighting. |
| 18:40 | <willix> | BTW - regarding DST, the most annoying thing is when your programs dont understand it and it screws up your logs |
| 18:41 | <willix> | some very big libraries have issues like Java Hibernate |
| 18:41 | <willix> | anyway this is OT |
| 18:42 | <Julian> | I'm eating hot pizza right now. I'll be available in ~15min. |
| 19:00 | <Julian> | <Julian> I'm eating hot pizza right now. I'll be available in ~15min. |
| 19:00 | <Julian> | I'm done now. |
| 19:00 | <Julian> | Say when you're ready. |
| 19:02 | <SDGathman> | ready |
| 19:06 | <willix> | I'm available too |
| 19:06 | <willix> | [william@sokol ~]$ date -u |
| 19:06 | <willix> | Sat Jan 13 19:06:24 UTC 2007 |
| 19:07 | <willix> | we do seem to be a bit off on scheduled time... |
| 19:08 | <Julian> | Apparently. |
| 19:08 | <Julian> | shew: You there? |
| 19:19 | <Julian> | shew? |
| 19:19 | <shew> | Yes. |
| 19:20 | <SDGathman> | That makes four! |
| 19:21 | <Julian> | shew: Are you ready? |
| 19:21 | <willix> | Julian, can you call meeting to order officially (or do we not do it any more?) |
| 19:21 | <Julian> | I just don't put it into formal words. |
| 19:22 | <Julian> | "So, let's start!" |
| 19:22 | <Julian> | So, let's start! |
| 19:22 | <Julian> | willix: Are you still willing to be the election officer for the elections? |
| 19:22 | <willix> | Yes |
| 19:23 | <Julian> | OK. |
| 19:23 | <Julian> | Motion: Appoint William as the election officer. |
| 19:23 | <shew> | 1922u seconded |
| 19:23 | <Julian> | Votes? |
| 19:23 | <SDGathman> | 1923u yes |
| 19:23 | <Julian> | 1922u: yes |
| 19:23 | <willix> | 1923u abstain |
| 19:23 | <shew> | 1922u: yes |
| 19:24 | <Julian> | So ordered. willix, I assume that you accept. |
| 19:24 | <willix> | yes |
| 19:24 | <Julian> | Thank you! |
| 19:24 | <Julian> | Do you have any questions with regard to your duties? |
| 19:24 | <willix> | I'll most likely ask you by email later |
| 19:24 | <Julian> | Do it publicly on spf-discuss. |
| 19:24 | <willix> | my understanding is that I need to check first with candidates as to who is willing to serve |
| 19:25 | <Julian> | Yeah. |
| 19:25 | <willix> | then setup voting and announce it |
| 19:25 | <willix> | and then check on if there are any reported issues with voting and results |
| 19:27 | <Julian> | OK. Any objections to going on with our pretty short agenda? |
| 19:27 | <SDGathman> | No. |
| 19:27 | <shew> | No |
| 19:27 | <Julian> | 2. Official clean-up of the project agenda <http://www.openspf.org/Project_Agenda> |
| 19:28 | <Julian> | Can we agree on moving the three striked items to a "Historical" section? |
| 19:28 | <shew> | agreed |
| 19:29 | <SDGathman> | Yes. We also need an "Education" item. There are several urban legends regarding SPF floating around. |
| 19:29 | <willix> | yes |
| 19:29 | <Julian> | Sounds good. |
| 19:30 | <Julian> | However, we shouldn't try to preempt the next council. Should we add the "education" item to the "Loose collection of outstanding tasks" for now? |
| 19:30 | <SDGathman> | ok |
| 19:31 | <Julian> | ... say, under a "Public Relations" super item? |
| 19:31 | <shew> | Much better. |
| 19:31 | <Julian> | Or is it a pure website issue? (I don't think it is.) |
| 19:32 | <willix> | education is not pure website |
| 19:32 | <Julian> | OK, I see no dissent. |
| 19:32 | <shew> | Public relations is a good heading, a sub-item of "address SPF misconceptions" would cover things |
| 19:33 | <willix> | "grass-roots" compaign also more or less goes under that |
| 19:34 | <shew> | Ahh. |
| 19:34 | <Julian> | OK. I cleaned the page up. Reload and complain if necessary. |
| 19:34 | <shew> | Cool. |
| 19:35 | <shew> | Delete the remaining strike-through items? |
| 19:35 | <SDGathman> | Good accomplishments for our spare time! |
| 19:35 | <shew> | And move "Write directed responses to FUD articles" somewhere under the new public relations heading? |
| 19:36 | <Julian> | OK. |
| 19:36 | <shew> | (I don't want to get into too much detail-oriented discussions on this part during an actual meeting, but this looks pretty straightforward and quick. |
| 19:36 | <shew> | ) |
| 19:36 | <Julian> | Any objections to moving the "Update the News" under the "Continuing tasks"? |
| 19:37 | <Julian> | Otherwise I'd have to delete it and that doesn't seem right to me. |
| 19:37 | <willix> | its fine to move it there |
| 19:37 | <shew> | Oh yes--I missed that. |
| 19:37 | <SDGathman> | no objection |
| 19:37 | <shew> | no objection |
| 19:38 | <Julian> | What happened to the overhaul of the front page? |
| 19:38 | <shew> | Uhm..I swear I will do so. |
| 19:38 | <shew> | (Fortunately this is uncoupled with everything else.) |
| 19:38 | <Julian> | OK, should I leave it in and remove the <strike>? |
| 19:39 | <SDGathman> | I like the Project Overview. |
| 19:40 | <shew> | "Review and revise the FAQ" should really be a continuing task. |
| 19:40 | <Julian> | I changed it to "Maybe overhaul the [[Project Overview]] page" (and removed the <strike>). |
| 19:40 | <shew> | Well, it could go either way I think--it's between catagories. |
| 19:41 | <Julian> | OK, saved the page again. |
| 19:42 | <Julian> | Now that we have several implementations complying with the test suite, is there a need to "Bless one or more of the library implementations as reference implementation(s)"? Or don't we need any blessed ref implementations? |
| 19:43 | <Julian> | (Not wanting to bless any ones _now_. Just wondering whether the agenda item is obsolete.) |
| 19:43 | <willix> | either we need to list which implimentations are comply or list one |
| 19:44 | <willix> | so one option is additional column on implimentations page which specifyies if library has been tested against the suite and which version and when |
| 19:44 | <SDGathman> | I would like to list implementations that pass the test suite (and which version). There needs to be a formal process for reviewing test compliance. |
| 19:44 | <Julian> | I think it may be best to list all compliant implementations with short descriptions (1 paragraph each or so) and not "bless" any ones specifically. |
| 19:44 | <shew> | I don't see the need for a blessed reference implementation, and I would be fine with moving that to historical with some sort of note saying we decided not to bless one as a reference. |
| 19:44 | <Julian> | I agree with SDGathman. |
| 19:45 | <SDGathman> | I noted Julian had trouble running tests for jSPF. I work with Java, so I probably should have offered to do that one. |
| 19:45 | <Julian> | Or maybe change it to "Create brief directory of implementations that are compliant with the test suite"? |
| 19:45 | <Julian> | SDGathman: I didn't really have trouble, I just got their raw debug output, which was hell of confusing and not helpful. |
| 19:46 | <willix> | create reference of implimentation versions complying with test suite |
| 19:46 | <Julian> | (They made some changes, but I haven't managed to test it again yet.) |
| 19:46 | <shew> | "Maintain lists of implementations and their compliance with the test suite" |
| 19:46 | <SDGathman> | "we decided not to bless one as a reference" - yes, the test suite has become the reference. And that works well since the results are deterministic in offline form. |
| 19:46 | <shew> | or anything like that, sure. |
| 19:47 | <Julian> | Well, a test suite cannot really take on the role of a reference implementation. No sample code in there. |
| 19:47 | <Julian> | However, _any_ compliant implementation could play the role of a reference implementation. |
| 19:47 | <SDGathman> | So pick one. Maybe we could bless one implementation per language. |
| 19:48 | <willix> | that's actually not a good approach |
| 19:48 | <Julian> | Maybe "reference implementation" is just a buzzword? |
| 19:48 | <shew> | Given open source implementations..anyone can already look at code of implementations that pass the test suite. |
| 19:48 | <shew> | I guess I don't understand the actual goal of a reference implementation given multiple existing implementations that pretty much pass the suite. |
| 19:48 | <Julian> | I think shew's wording proposal is good: "Maintain lists of implementations and their compliance with the test suite" (under continuing tasks) |
| 19:50 | <SDGathman> | I concur with shew's wording |
| 19:50 | <willix> | You should probably combine "SPF Implimentations" and "MTA Support" under something like "SPF Software Support" |
| 19:51 | <Julian> | No, I don't think this is a good idea. I'd rather split the "Implementations" page into "libraries" and "MTA support". |
| 19:51 | <Julian> | (this is something that I have been wanting to propose for a few months) |
| 19:51 | <Julian> | They have different target audiences. |
| 19:51 | <willix> | I mean on the agenda list - not necessarily website |
| 19:52 | <shew> | (The implementation of goals--namely how the website is structured, is a separate thing from the wording fof the agenda.) |
| 19:52 | <shew> | (Willix beat me to that. :-) ) |
| 19:52 | <Julian> | But why change it to the less specific wording of "SPF software support"? |
| 19:53 | <Julian> | ... which reminds me that one day we ought to develop a method for testing black box implementations such as MTAs that don't use a tested SPF library. |
| 19:53 | <willix> | look at the agenda - you have several differents parts - one is documentation (website), another is public relation and 3rd is development |
| 19:53 | <willix> | "you'd have" |
| 19:53 | <willix> | this is a good structure for project |
| 19:55 | <Julian> | SDGathman: What do you think of merging the "SPF implementations" and "MTA support" under "Tasks related to existing project agenda items" into something like "SPF software support"? |
| 19:55 | <SDGathman> | Thats fine. But libraries and MTA support need to be separate. |
| 19:55 | <shew> | I guess I'm ambivalent on this so far--currently "implementations" to me means testable libraries, where "MTA support" is slightly more nebulous. |
| 19:56 | <SDGathman> | Yes, MTA support is much harder to test. |
| 19:56 | <SDGathman> | It is pretty much the glue between an MTA and a library implementation. |
| 19:56 | <Julian> | So s/SPF implementations/SPF library implementations/ to clarify things and keep them separate? |
| 19:57 | <SDGathman> | However, someone wanting to implement SPF need to find/write that glue between library and MTA. |
| 19:57 | <shew> | If you like. I will not object to any changes in this area--they are in my mind all strictly editorial in nature. |
| 19:57 | <Julian> | SDGathman: Are you using the term "implement" as a substitute for "deploy"? |
| 19:57 | <SDGathman> | Yes |
| 19:58 | <Julian> | OK. We need to be careful not to confuse "implement" and "implement". |
| 19:59 | * | shew makes a mental note to always compare the sha1 hashes. |
| 20:00 | <Julian> | OK, I renamed the "Bless ..." into "Create/update list of library implementations and their compliance with the test suite" and moved it under "Continuing Tasks" |
| 20:00 | <Julian> | Any objections? |
| 20:00 | <Julian> | (Maybe I should have just renamed and not moved it.) |
| 20:02 | <Julian> | OK, I have no further ideas for cleaning up the agenda. Do you? |
| 20:02 | <shew> | One thing: |
| 20:02 | <shew> | Haha: |
| 20:02 | <shew> | We can now remove "SPF library implementations:" |
| 20:02 | <shew> | Technically it's a duplicate of what you just put under continuing tasks. |
| 20:02 | <Julian> | Right. Doh. :-) |
| 20:04 | <Julian> | Killed. And I moved the "Create/update ..." (formerly "Bless ...") back under non-continuing tasks. Yes, it will be a continuing task at some time, but for now, it needs to be done once in the first place. |
| 20:05 | <Julian> | Any other wishes? |
| 20:05 | <shew> | "Review and revise the FAQ" would be a continuing task. |
| 20:05 | <shew> | Or rather, |
| 20:05 | <shew> | "Keep the news and faq up to date". |
| 20:06 | <willix> | maybe consider merging "Continuing Tasks" with "Tasks Related to existing project agenda" |
| 20:06 | <Julian> | shew: OK, since the FAQ has been reviewed and updated this year, I think "keeping it up to date" is what's now in order, so I think that's reasonable. |
| 20:07 | <Julian> | No, the "Tasks related to existing project agenda" cannot be merged with the project agenda, because the project agenda is under the council's control, while the list of related tasks isn't. |
| 20:07 | <Julian> | (at least not exclusively) |
| 20:09 | <Julian> | Alright, if you don't have any strong desires for additional modifications, let's conclude this topic, OK? |
| 20:09 | <willix> | "Getting SPF into move MTA distros" is really not under council's control either |
| 20:09 | <Julian> | Not the getting it done, true, but the goal per se is. |
| 20:10 | <willix> | its the same for the rest of the outstanding tasks - they are all continuing tasks really. |
| 20:10 | <willix> | but lets move on |
| 20:10 | <shew> | Agreed on the move-on. |
| 20:10 | <Julian> | OK. Anyone NOT having the time or lust for handling "3. Conclusions on the DDoS issue" now? |
| 20:11 | <shew> | Me, sort of. |
| 20:11 | <shew> | I still am not completely clear on all the issues. |
| 20:11 | <SDGathman> | I scheduled for 12-1, and have missed my haircut. |
| 20:11 | <shew> | I understand that a good part of them are not really SPF-related, but are part of dns. |
| 20:11 | <willix> | almost all of them |
| 20:11 | <Julian> | SDGathman: What's "12-1"? |
| 20:11 | <SDGathman> | 17u-18u |
| 20:12 | <Julian> | Oh. |
| 20:12 | <Julian> | OK. I'm really sorry. But I guess this time you'll have to complain to someone else. |
| 20:12 | <Julian> | Should we drop meeting agenda item #3? |
| 20:12 | <willix> | hold on |
| 20:13 | <SDGathman> | The only thing that would shed more light is an actual metered DOS session - and that requires time from someone to create. |
| 20:13 | <willix> | it maybe worth it to add some sort of item under other tasks related to DoS issues further debugging (just don't name it "DoS" actually) |
| 20:13 | <shew> | Hmm. That's a good idea. |
| 20:14 | <Julian> | Well, I'd like to make one comment on the DoS issue. |
| 20:14 | <Julian> | Not sure if it does any good if some of us feel they don't understand the issue, but... |
| 20:14 | <shew> | Please do feel free. |
| 20:15 | <Julian> | In _my_ opinion, the most valuable conclusion from our earlier discussions of the DoS issue was that the DoS attack vector could be avoided if the number of mechanism lookups (e.g. "A" lookup for "a:", "MX" lookup and subsequent "A" lookups for "mx:", etc.) was limited to a somewhat low number. |
| 20:16 | <Julian> | So if I can get some MTA do DNS-query a victim's domain, the MTA would stop as soon as the victim's domain couldn't answer that number of lookups. |
| 20:17 | <Julian> | Agreement or dissent? |
| 20:17 | <willix> | what you mean to say is that the lookups limits should be enforced in dns client |
| 20:17 | <shew> | But we effectively have that already, just that some extra A lookups are in the MX ones. |
| 20:17 | <willix> | (i.e. dns resolver) |
| 20:17 | <willix> | on per-application basis I guess |
| 20:18 | <SDGathman> | I think Julian is talking about a limit on negative queries - which have a different TTL than other resonses. |
| 20:18 | <SDGathman> | That would be an additional recommended limit over RFC4408. |
| 20:19 | <shew> | I always wanted to avoid having our limits require the resolver to count lookups. |
| 20:19 | <Julian> | willix: No. What we have now is the SPF client continuing to do dozens of "A" and "MX" lookups, even if all of them fail. |
| 20:19 | <willix> | so total limit in additional to 10x10x current |
| 20:19 | <Julian> | No. |
| 20:20 | <Julian> | Not a total limit of lookups, but a total limit of _failed_ lookups. |
| 20:20 | <willix> | ok |
| 20:20 | <Julian> | I'm not necessarily saying that should be an erratum to RFC 4408. However we could do a study on how that affects _valid_ SPF policies out there, and if it doesn't break too many, we could recommend it as a "best practice". |
| 20:20 | <shew> | Failing meaning some specific rcodes? |
| 20:21 | <SDGathman> | NXDOMAIN as opposed to no records |
| 20:21 | <willix> | this goes beyond errata |
| 20:21 | <Julian> | shew: Failing meaning returning NXDOMAIN or no records of the requested type. |
| 20:21 | <SDGathman> | The basis of Dougs scenario was doing 100 queries resulting in NXDOMAIN from the victim. |
| 20:22 | <SDGathman> | The NXDOMAIN typically has a shorter TTL than other records. |
| 20:23 | <Julian> | OK, obviously this requires more discussion. However that's the main thought I had on the DoS issue. |
| 20:24 | <Julian> | If you have any further comments of your own, please raise them. |
| 20:24 | <willix> | Anyway can you put in "Study dns security issues related to use of SPF for future specification updates" |
| 20:25 | <willix> | Study dns security issues related to use of |
| 20:25 | <willix> | SPF and make recommendations for future specification update |
| 20:25 | <shew> | I can agree with the suggestion to note this in the project agenda page. |
| 20:26 | <Julian> | As a "related task"? |
| 20:26 | <Julian> | I wouldn't really want to add any new items to the official agenda at this time. |
| 20:26 | <shew> | However I am not convinced of the need for this application/resolver-level limit. |
| 20:26 | <Julian> | (That should be up to the new council.) |
| 20:26 | <willix> | probably under "Other Tasks" |
| 20:26 | <shew> | Put it under "other tasks" then. |
| 20:27 | <willix> | Study dns security issues related to use of |
| 20:27 | <willix> | [sorry did not clear paste buffer] |
| 20:28 | <Julian> | Added. |
| 20:28 | <Julian> | Anything else to discuss, or should we adjourn? |
| 20:28 | <shew> | Nothing else to discuss here. |
| 20:28 | <Julian> | (there's a discussion of the DoS issue and mitigation methods going on on #spf right now, BTW) |
| 20:29 | <Julian> | Motion: Adjourn the meeting, probably concluding this council's work! |
| 20:29 | * | grumpy pokes his head in to distrupt the meeting and say: Thanks guys for all the work you did on the council last year! |
| 20:29 | <shew> | 2028u seconded |
| 20:29 | <Julian> | Votes? |
| 20:29 | <Julian> | 2028u: yes |
| 20:29 | <SDGathman> | 2028u yes |
| 20:29 | <shew> | 2028u: yes |
| 20:29 | <willix> | 2028u: yes |
| 20:30 | <Julian> | The meeting is concluded! |
| 20:30 | <Julian> | Thanks guys, it's been a year! :-) |
| 20:30 | <willix> | thanks for the work this year especially Julian as he did almost all of it |
| 20:30 | <Julian> | Not sure if that's correct. |
| 20:30 | <shew> | 2030u: seconded. :-) |
| 20:31 | <Julian> | SDGathman did hell of a job on the test suite! |
| 20:31 | <shew> | (Seconding the thanks-and-especially-julian, I mean.) |
| 20:31 | <Julian> | (and on pyspf, too!) |
| 20:31 | <shew> | True. |