Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE

"Murray S. Kucherawy" <superuser@gmail.com> Fri, 26 April 2013 21:59 UTC

To: Doug Barton <dougb@dougbarton.us>
Cc: "spfbis@ietf.org" <spfbis@ietf.org>, "dnsext@ietf.org Group" <dnsext@ietf.org>

On Fri, Apr 26, 2013 at 12:31 PM, Doug Barton <dougb@dougbarton.us> wrote:

>> No, what I'm saying is that the way things were ten years ago
>
> As I (and others) have said many times, things were rough at the time SPF
> came to bloom. However, and this is really important to understand, it's
> not 10 years ago anymore.
>

I am keenly aware of the date.  What I am also keenly aware of, as I (and
others) have said many times, is that SPF set off in a specific direction
based on the situation ten years ago and has continued in that direction
all this time.  Now, with the situation "at home"
largely-but-not-completely improved, there are a few people now exclaiming
that it went in the wrong direction, and that needs to be fixed.

It's very easy to make that assertion when one ignores questions of
momentum and inertia.


> I'm not being petty when I say that. It really is important to understand,
> the time is going to pass anyway. In the time period between then and now a
> LOT of things have happened in the DNS world, and the situation is
> dramatically different now than it was.
>

Nobody's arguing that point.


>
> What is even more important to understand is that 10 years from now 10
> more years will have passed. We have a chance now to set in motion events
> that will continue to improve the situation, so that 10 years from now we
> can look back and laugh at the SPF TXT record, and have joy that things are
> so much better. Or, we can spend 10 more years with the same silly kludge,
> and not have made any progress at all. Either way, the next 10 years are
> going to pass.


Sure.  Is that a good use of engineering resources?  This is where we
appear to differ.  I claim, given current data, that it is not.


>
> And some of the software that handles SPF has already switched to querying
> SPF/99 first. There is no reason that the rest could not do that as well.


I agree with the first sentence, but not the second.


> As I have mentioned previously, in the DNS world we have a LOT of
> experience dealing with issues EXACTLY like this. We know how it works, we
> know what long tails look like, and we know that as problems go it's a
> pretty easy problem to deal with.
>

This situation touches more than just DNS code.  You appear to be convinced
that the path to overcoming inertia in the DNS world is the same, or maybe
even harder, than it is in other environments like email.  I am not a
believer.


>
> Um, it's not "suddenly." The advice to do it right in the first place has
> been offered repeatedly, since the very beginning. That's why the code
> point was assigned in the first place.
>

Um, it is "suddenly", or have you a copy of the spfbis archive that's
different from the one I have?


>
> There is no doubt that in the early days, prior to the widespread
> deployment of 3597, querying for SPF/99 could cause problems. But we're not
> in that world anymore. Thank DNSSEC and IPv6 for shaking things loose.
> There is currently no TECHNICAL reason that the change cannot be made NOW
> to query SPF/99 first. The only argument you (and others) have put forward
> so far is, "We have been using TXT, it works, so we want to keep using it."
> I understand why that course of action is attractive, but it's bad. And the
> right thing isn't hard to do.
>

I'm sorry, but that is not the only argument I (and others) have put
forward so far.  If this conversation is going to be selective in that
manner, then I think I'm done here.

-MSK