[dnsext] Effects on DNS can be severe

Douglas Otis <doug.mtview@gmail.com> Fri, 03 May 2013 19:05 UTC

From: Douglas Otis <doug.mtview@gmail.com>
Date: Fri, 03 May 2013 12:04:53 -0700
Message-Id: <363177C4-6D23-48C1-9609-226A9B55EAAD@gmail.com>
To: "<ietf@ietf.org> IETF" <ietf@ietf.org>
Cc: "dnsext@ietf.org" <dnsext@ietf.org>
Subject: [dnsext] Effects on DNS can be severe

Dear ietf and dnsext,

I apologize for posting this ahead of the WG last call.

Over many years of attempting to change the course of the SPF process, this effort appears to have been futile.
It seems many even feel the present spfbis document represents current practices. It does not, from the perspective of macros.
I have written an I-D that I fully expect SPF proponents will denounce, and so I have left that WG alone.

Here is a draft written in hopes of placing these concerns into a broader scope--
http://tools.ietf.org/html/draft-otis-ipv6-email-authent-00

Two references in this draft did not carry over in the same manner as in the tcl script?
Until remedied, here are the links missing in this I-D:

[I-D.otis-spf-dos-exploit]
http://tools.ietf.org/html/draft-otis-spf-dos-exploit-01

[v6-BGP-Rpts]
http://bgp.potaroo.net/v6/as6447/

SPF can pose serious threats for which, when confronted, few solutions are available. I have been able to convince some of the larger providers of this concern, who in return offered assurances that the macro extensions in their SPF libraries are removed, and in doing so they have not seen any problems.

This is a serious effort at addressing a security concern; please read this draft from that perspective.

Regards,
Douglas Otis