Re: [BEHAVE] RFC6147 and RFC7208 interoperability issues
Keith Moore <moore@network-heretics.com> Mon, 07 February 2022 19:51 UTC
Return-Path: <moore@network-heretics.com>
X-Original-To: behave@ietfa.amsl.com
Delivered-To: behave@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A29E3A07B2 for <behave@ietfa.amsl.com>; Mon, 7 Feb 2022 11:51:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.61
X-Spam-Level:
X-Spam-Status: No, score=-7.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, NICE_REPLY_A=-0.714, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=messagingengine.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ve7BCwyLKrjb for <behave@ietfa.amsl.com>; Mon, 7 Feb 2022 11:51:14 -0800 (PST)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 884FA3A087E for <behave@ietf.org>; Mon, 7 Feb 2022 11:51:14 -0800 (PST)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id B6EC95C0138 for <behave@ietf.org>; Mon, 7 Feb 2022 14:51:13 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Mon, 07 Feb 2022 14:51:13 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:date:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; bh=H++oBpSDkZ3WOwvpyWQfjeUeGFR1Oln/yDOv1SboFjM=; b=ZYbVukWx aQZ56iojg4+UI7sXdWg/i29c7q6OGZR2j9x2w+xv+uReeTybSFcM4W6xxzuf2n2I Ioy5HJX9EuhI4s/kFaNH0QHa6x1QOnSMoh4IMG+bDOBLMugwQ7FbroLmWJhsadtN dI9h//H3x0LsRQOEYb4T1wFwPvrWKqLpHRYJ2Ce2TN5T77aihA6dpPqPV0UfWgSI 0bEDjWpvp2CzrI/QcO61iSLTCTjwcOll2Z2BMhcRUw+0l++3fieYwSkIWZkhuvEw eKm7y/57m2TEt6mJCZURNc99DTLjt/EaIQYuFMGqQixVfKY1dhyi4fLpeChYAW0B Oi0CtJVDkNzgGA==
X-ME-Sender: <xms:MXgBYrPGr7ZF_KPB1xlro_NxG-QhNDOo2aQLSCv8jH-GqVnUe8CXtQ> <xme:MXgBYl-IVmRlpyNvR3D-ZvH5WFrWSeALpBV6Q7QykawqSOdHwYGmbQbNUb-Whgrfh 2q2hP5cHF6ggw>
X-ME-Received: <xmr:MXgBYqTCUYiNC1u87H21JZ85UQQCjCuD2wEmh547_EjvDZ9hOjZ6VB3ptgj0HYDH878qHg9ogJk4gJqgLzjnWPHkoUR45AUjPY1->
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrheehgdduvdeiucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefkffggfgfuvfhfhfgjtgfgsehtke ertddtfeejnecuhfhrohhmpefmvghithhhucfoohhorhgvuceomhhoohhrvgesnhgvthif ohhrkhdqhhgvrhgvthhitghsrdgtohhmqeenucggtffrrghtthgvrhhnpeeftddvleeije evkeejhfeuudehveeihfejfedvgfduhfffhfduuddufeeggfetveenucevlhhushhtvghr ufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmohhorhgvsehnvghtfihorh hkqdhhvghrvghtihgtshdrtghomh
X-ME-Proxy: <xmx:MXgBYvujwmsR4UdsdQte4X6zdjebRwh57jZxsBHQPd4I9OMDUKw_PA> <xmx:MXgBYjcY29JXabu1YX32L-EWrHh7aGR-K9LU9gKR9JBWa_h_9vTdcQ> <xmx:MXgBYr1VpSTdl8X8QElX3YgLkmjhIchFUklWwbBaka9-xmTGnJCwFQ> <xmx:MXgBYto0QSq7ttYUMFtMQnLOpCp6oA3vM8raPNa5mIwxTE0V0dYMyw>
Received: by mail.messagingengine.com (Postfix) with ESMTPA for <behave@ietf.org>; Mon, 7 Feb 2022 14:51:13 -0500 (EST)
Message-ID: <ed382d77-483c-5a07-3498-eac0cd38abbd@network-heretics.com>
Date: Mon, 07 Feb 2022 14:51:12 -0500
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0
Content-Language: en-US
To: behave@ietf.org
References: <077D662F-5E6D-44F5-8DD3-B58D8B535C5D@network-heretics.com> <B6D6B4CC-AC1F-459C-952A-E9493E00FDB3@huitema.net> <7e53925e-46b0-29e4-6deb-47bcf389ff97@posteo.de> <DC6F8DB5-4D01-466F-A042-1769E5FBB677@gmail.com>
From: Keith Moore <moore@network-heretics.com>
In-Reply-To: <DC6F8DB5-4D01-466F-A042-1769E5FBB677@gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/behave/mJd7Wrz5gC_DlGd6ZEW8nSyVp48>
Subject: Re: [BEHAVE] RFC6147 and RFC7208 interoperability issues
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/behave/>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Feb 2022 19:51:21 -0000
On 2/7/22 14:37, Dan Wing wrote: > Could the SPF problem dissipate if SPF records only contained DNS names and deprecate IP addresses? I suspect this just would just make SPF records even less reliable than they already are, because the DNS name adds an extra layer of indirection that also has a high probability of being wrong. Also, it doesn't rid the burden of applications operating behind the NAT to be aware of the NAT. For better or worse, applications have a lot of incentive to use DoH or DoT because local resolvers are sometimes under-provisioned or unreliable, network providers sometimes spy on DNS traffic, etc. Using DoH or DoT can result in more reliable, consistent operation with less delay due to DNS lookup time. So if the application is going to benefit from SPF records having DNS names in them, it has to know to use the DNS64 server to lookup those DNS names and get the (possibly fake) IPv6 source addresses back. The general problem that DNS is often out of sync with reality (at least in part because DNS isn't federated in the same way that reality is) is hard to fix. Keith
- Re: [BEHAVE] [spfbis] RFC6147 and RFC7208 interop… Marc Blanchet
- [BEHAVE] RFC6147 and RFC7208 interoperability iss… Klaus Frank
- Re: [BEHAVE] [spfbis] RFC6147 and RFC7208 interop… Klaus Frank
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Keith Moore
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Keith Moore
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Keith Moore
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Dan Wing
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Keith Moore
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Christian Huitema
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Keith Moore
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Keith Moore
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Christian Huitema
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Keith Moore
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Keith Moore
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… marcelo bagnulo braun
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… marcelo bagnulo braun
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… marcelo bagnulo braun
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Keith Moore
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Keith Moore
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Keith Moore
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Keith Moore
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… marcelo bagnulo braun
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Andrew Sullivan
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Andrew Sullivan
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Christian Huitema
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Keith Moore
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… David Conrad
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Keith Moore
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Christian Huitema
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Christian Huitema
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Christian Huitema
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… David Conrad
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Keith Moore
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… David Conrad
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… JORDI PALET MARTINEZ
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Keith Moore
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Dan Wing
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Keith Moore
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Keith Moore
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Christian Huitema
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Dan Wing
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Andrew Sullivan
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Keith Moore
- Re: [BEHAVE] [spfbis] RFC6147 and RFC7208 interop… Hector Santos
- Re: [BEHAVE] [spfbis] RFC6147 and RFC7208 interop… Mark Andrews
- Re: [BEHAVE] [spfbis] RFC6147 and RFC7208 interop… Mark Andrews
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… marcelo bagnulo braun
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Christian Huitema
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… marcelo bagnulo braun
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… mohamed.boucadair
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Keith Moore
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Christian Huitema
- Re: [BEHAVE] RFC6147 and RFC7208 interoperability… Klaus Frank