Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE
Barry Leiba <barryleiba@computer.org> Fri, 26 April 2013 16:53 UTC
Return-Path: <barryleiba.mailing.lists@gmail.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5AC921F9653; Fri, 26 Apr 2013 09:53:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.977
X-Spam-Level:
X-Spam-Status: No, score=-102.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GmiH+GogDnxy; Fri, 26 Apr 2013 09:53:30 -0700 (PDT)
Received: from mail-vc0-f173.google.com (mail-vc0-f173.google.com [209.85.220.173]) by ietfa.amsl.com (Postfix) with ESMTP id 297DF21F992B; Fri, 26 Apr 2013 09:53:30 -0700 (PDT)
Received: by mail-vc0-f173.google.com with SMTP id ia10so2673739vcb.32 for <multiple recipients>; Fri, 26 Apr 2013 09:53:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=jS1z0glCyII8ThtjIaD8QyildjjHMKmnbrC4E2nCZjI=; b=GC6tQAOm+D14ukRsT6BWNRgG8Ge6ejs2VP+k/OIqbhOF06H/0HCVlEzhI7N/TawqoF W2TfcYJFV11kZcFrJvML6jHdvaJaZJQwdnmeN3Tth6JH1yGJhKsPIlQjx5lM+vCOvB5q sDUwL0e261d14keAXdjMIWsHfhsaDW2XFIKXeUSlT6xUafWv1lPV+nTy0A1Gjto88ZRm 4i9FpctTnPaUN+dl2Avcd288uAVTAvUS2CGpCQhYDv3Q1Bau3YYWVz6TAv6OZss8Rg2A oBWD4IPLtSSYVJY1O3UCmPOgrid0jn35geBN40cAGLk2/kgMAEpUcfYoFGpn098ARqm5 +UcQ==
MIME-Version: 1.0
X-Received: by 10.220.177.69 with SMTP id bh5mr13496031vcb.22.1366995209160; Fri, 26 Apr 2013 09:53:29 -0700 (PDT)
Sender: barryleiba.mailing.lists@gmail.com
Received: by 10.59.3.41 with HTTP; Fri, 26 Apr 2013 09:53:28 -0700 (PDT)
In-Reply-To: <8D23D4052ABE7A4490E77B1A012B63077515FDEB@mbx-01.win.nominum.com>
References: <20130425013317.36729.qmail@joyce.lan> <80ADB3EE-17FD-4628-B818-801CB71BCBFE@virtualized.org> <BB8C643A-FC46-4B2F-B677-F1B7CAB0E79F@frobbit.se> <alpine.BSF.2.00.1304251030380.65043@joyce.lan> <14A728AE-83DC-4C1F-A88A-6F988D37F2C7@frobbit.se> <20130425154235.GP23770@besserwisser.org> <5179691B.50602@qti.qualcomm.com> <5179980F.9090606@dougbarton.us> <5179B10E.705@qti.qualcomm.com> <5179BC32.8050205@dougbarton.us> <6.2.5.6.2.20130425163243.0bedb6d0@resistor.net> <8D23D4052ABE7A4490E77B1A012B63077515FDEB@mbx-01.win.nominum.com>
Date: Fri, 26 Apr 2013 12:53:28 -0400
X-Google-Sender-Auth: 6_T1uduq3D_8TpysXFvviwrb5tY
Message-ID: <CAC4RtVA3tC_dSoZrSaeC-XEx++O+aoZx1ApynzYCn-QHrMDLzA@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: Ted Lemon <Ted.Lemon@nominum.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
Cc: "spfbis@ietf.org" <spfbis@ietf.org>, Pete Resnick <presnick@qti.qualcomm.com>, "dnsext@ietf.org" <dnsext@ietf.org>
Subject: Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Apr 2013 16:53:37 -0000
> FWIW, and I do not intend this as a criticism of what you did, I just went back > to the datatracker and looked at the text of the IETF last call. There is nothing > at all in this text that would indicate that the document said anything at all about > the continued use of the SPF DNS RRtype. I've also read the document, and > even reading the conclusion of the document, there's very little there that would > suggest to me that the spfbis working group was about to deprecate the use of > the SPF DNS RRtype. As Murray's already responded, the intent of the document that became RFC 6686 was simply to report on the SPF/Sender-ID experiment. That document never meant to recommend a specific course, and didn't -- so any cross-area review of that document wouldn't have been likely to raise this discussion, and no text in that document relating to this issue would have been appropriate. That said, there is a general need for chairs, shepherds, and responsible ADs to be aware of these sorts of things. Chairs/shepherds need to make sure something about them gets put into shepherd writeups, at least, and ideally gets sent out to relevant lists earlier. Best I can tell, there *was* a discussion of this earlier, but it didn't get this level of attention. It would also be good for ADs to put things into the last call notices, pointing out things that participants in other areas might want to look at. We don't have a habit of doing that, and we should. Even something like, "This specification involves aspects of [technology X] and [technology Y]; experts in those technologies should pay particular attention and provide reviews and comments," might make a big difference. > On the other side, here are the arguments that I understand to have been made: > > 1. TXT records are not specific to SPF, thus we can't assume that any given TXT > record is an SPF record. > > Rejoinder: doesn't seem to be an issue in practice—no other TXT records are > needed on the names to which SPF TXT records are typically attached. Right: the underscore-prefix technique has been vetted before, and as far as I can tell this issue and its variants are settled. > 3. Using TXT records is a bad idea. > > Rejoinder: this isn't really a technical argument; if there is a technical argument > in here, it should be stated explicitly, but this argument per se will be ignored. Actually, I don't agree that it's not a technical argument. The second part of that sentence is operative, and I want to drill down on that: if there's a technical argument in here, let's tease out what it is. We really have two issues that really seem to matter here: 1. Should we be working on a transition to type=99 only, rather than deprecating type=99? 2. Claim (quoting Måns here): overloading TXT is bad. (1) is being adequately argued back and forth; I want to focus on (2): Why, specifically, is it bad to use TXT records in an "_spf." subdomain for this purpose? What harm does it cause, specifically. Let's bring that out clearly, and have that part of the discussion, realizing that some possible arguments already have answers: - It's not hard to parse these; there are many parsers out there that work, and there are many text-based protocols that work. - The "_spf." subdomain eliminates the issue of multi-use collisions -- DKIM queries, for example, will go to "_dkim." subdomains, and won't see SPF records in the responses. What other issues does the use of TXT records in this context cause, which would make it clear that migration away from them in SPF is important to avoid damage to the Internet, or at least to the DNS system? Barry
- Re: [dnsext] Obsoleting SPF RRTYPE Masataka Ohta
- [dnsext] Obsoleting SPF RRTYPE S Moonesamy
- Re: [dnsext] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] Obsoleting SPF RRTYPE Mark Andrews
- Re: [dnsext] Obsoleting SPF RRTYPE John Levine
- Re: [dnsext] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] Obsoleting SPF RRTYPE Masataka Ohta
- Re: [dnsext] Obsoleting SPF RRTYPE John R Levine
- Re: [dnsext] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] Obsoleting SPF RRTYPE Måns Nilsson
- Re: [dnsext] Obsoleting SPF RRTYPE and deprecate … Douglas Otis
- Re: [dnsext] Obsoleting SPF RRTYPE Andrew Sullivan
- Re: [dnsext] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] Obsoleting SPF RRTYPE Andrew Sullivan
- Re: [dnsext] Obsoleting SPF RRTYPE Dave Lawrence
- Re: [dnsext] Obsoleting SPF RRTYPE Paul Hoffman
- Re: [dnsext] Obsoleting SPF RRTYPE Andrew Sullivan
- Re: [dnsext] Obsoleting SPF RRTYPE Patrik Fältström
- Re: [dnsext] Obsoleting SPF RRTYPE John R Levine
- Re: [dnsext] Obsoleting SPF RRTYPE Patrik Fältström
- Re: [dnsext] Obsoleting SPF RRTYPE John R Levine
- Re: [dnsext] Obsoleting SPF RRTYPE Måns Nilsson
- Re: [dnsext] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] Obsoleting SPF RRTYPE John Levine
- Re: [dnsext] Obsoleting SPF RRTYPE Paul Hoffman
- Re: [dnsext] Obsoleting SPF RRTYPE Jim Reid
- Re: [dnsext] Obsoleting SPF RRTYPE Warren Kumari
- Re: [dnsext] Obsoleting SPF RRTYPE S Moonesamy
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Dotzero
- Re: [dnsext] Obsoleting SPF RRTYPE Joe Abley
- Re: [dnsext] Obsoleting SPF RRTYPE Joe Abley
- Re: [dnsext] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] Obsoleting SPF RRTYPE Warren Kumari
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Pete Resnick
- Re: [dnsext] Obsoleting SPF RRTYPE John R Levine
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Warren Kumari
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Warren Kumari
- Re: [dnsext] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] Obsoleting SPF RRTYPE Pete Resnick
- Re: [dnsext] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] Obsoleting SPF RRTYPE Pete Resnick
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Patrik Fältström
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Patrik Fältström
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Murray S. Kucherawy
- Re: [dnsext] Obsoleting SPF RRTYPE John Levine
- Re: [dnsext] Obsoleting SPF RRTYPE John Levine
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Hector Santos
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Pete Resnick
- Re: [dnsext] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE S Moonesamy
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Murray S. Kucherawy
- Re: [dnsext] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] Obsoleting SPF RRTYPE Noel David Torres Taño
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Murray S. Kucherawy
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Mark Andrews
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE S Moonesamy
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Murray S. Kucherawy
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Nicholas Weaver
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Nicholas Weaver
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Barry Leiba
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Mark Andrews
- Re: [dnsext] Obsoleting SPF RRTYPE Havard Eidnes
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE S Moonesamy
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Hector Santos
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Patrik Fältström
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Dave Crocker
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Dave Crocker
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Murray S. Kucherawy
- Re: [dnsext] Obsoleting SPF RRTYPE Mark Andrews
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Noel David Torres Taño
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Dave Crocker
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Hector Santos
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Scott Kitterman
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Scott Kitterman
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Hector Santos
- Re: [dnsext] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] Obsoleting SPF RRTYPE John R Levine
- Re: [dnsext] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] Obsoleting SPF RRTYPE John Levine
- Re: [dnsext] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] Obsoleting SPF RRTYPE Edward Lewis
- [dnsext] loads of TXT records for fun and profit Jim Reid
- Re: [dnsext] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] Obsoleting SPF RRTYPE Patrik Fältström
- Re: [dnsext] Obsoleting SPF RRTYPE Phillip Hallam-Baker
- Re: [dnsext] loads of TXT records for fun and pro… Phillip Hallam-Baker
- Re: [dnsext] loads of TXT records for fun and pro… Nicholas Weaver
- Re: [dnsext] loads of TXT records for fun and pro… Mark Andrews
- Re: [dnsext] loads of TXT records for fun and pro… Phillip Hallam-Baker
- Re: [dnsext] loads of TXT records for fun and pro… Ted Lemon
- Re: [dnsext] loads of TXT records for fun and pro… Phillip Hallam-Baker
- Re: [dnsext] loads of TXT records for fun and pro… Joe Abley
- Re: [dnsext] loads of TXT records for fun and pro… David Conrad
- Re: [dnsext] loads of TXT records for fun and pro… Phillip Hallam-Baker
- [dnsext] SPF, a cautionary tale John Levine
- Re: [dnsext] loads of TXT records for fun and pro… Nicholas Weaver
- Re: [dnsext] loads of TXT records for fun and pro… David Conrad
- Re: [dnsext] loads of TXT records for fun and pro… David Conrad
- Re: [dnsext] loads of TXT records for fun and pro… Doug Barton
- Re: [dnsext] loads of TXT records for fun and pro… Murray S. Kucherawy
- Re: [dnsext] loads of TXT records for fun and pro… Doug Barton
- Re: [dnsext] loads of TXT records for fun and pro… Phil Pennock
- Re: [dnsext] loads of TXT records for fun and pro… Phil Pennock
- Re: [dnsext] loads of TXT records for fun and pro… John Levine
- Re: [dnsext] loads of TXT records for fun and pro… David Miller
- Re: [dnsext] loads of TXT records for fun and pro… John Levine
- Re: [dnsext] SPF, a cautionary tale bmanning
- Re: [dnsext] SPF, a cautionary tale John R Levine
- Re: [dnsext] SPF, a cautionary tale Douglas Otis
- Re: [dnsext] SPF, a cautionary tale bmanning
- Re: [dnsext] SPF, a cautionary tale Douglas Otis
- Re: [dnsext] SPF, a cautionary tale bmanning
- Re: [dnsext] SPF, a cautionary tale Mark Andrews
- Re: [dnsext] SPF, a cautionary tale Murray S. Kucherawy
- Re: [dnsext] SPF, a cautionary tale Murray S. Kucherawy
- Re: [dnsext] SPF, a cautionary tale Mark Andrews
- Re: [dnsext] SPF, a cautionary tale Murray S. Kucherawy
- Re: [dnsext] SPF, a cautionary tale Doug Barton
- Re: [dnsext] SPF, a cautionary tale bmanning
- Re: [dnsext] SPF, a cautionary tale Murray S. Kucherawy
- Re: [dnsext] SPF, a cautionary tale Mark Andrews
- Re: [dnsext] SPF, a cautionary tale Phillip Hallam-Baker
- Re: [dnsext] SPF, a cautionary tale Mark Andrews
- Re: [dnsext] loads of TXT records for fun and pro… Florian Weimer