Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE
Mark Andrews <marka@isc.org> Fri, 26 April 2013 06:52 UTC
Return-Path: <marka@isc.org>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68C6B21F97D1; Thu, 25 Apr 2013 23:52:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.312
X-Spam-Level:
X-Spam-Status: No, score=-2.312 tagged_above=-999 required=5 tests=[AWL=0.288, BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K9aaE7ipexBL; Thu, 25 Apr 2013 23:52:42 -0700 (PDT)
Received: from mx.ams1.isc.org (mx.ams1.isc.org [IPv6:2001:500:60::65]) by ietfa.amsl.com (Postfix) with ESMTP id 6F05121F97BF; Thu, 25 Apr 2013 23:52:41 -0700 (PDT)
Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "mail.isc.org", Issuer "RapidSSL CA" (not verified)) by mx.ams1.isc.org (Postfix) with ESMTPS id 395FA5F98E9; Fri, 26 Apr 2013 06:52:29 +0000 (UTC) (envelope-from marka@isc.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isc.org; s=dkim2012; t=1366959158; bh=7tJjS48HL6RtN7auaCrBHrzhQ3/OaPOuqXLKM23DvaY=; h=To:Cc:From:References:Subject:In-reply-to:Date; b=OelgbkhzB2FvIc9gpyVXS0g+mZW37M8wohD8b8z//jXHYr7qarKZTP4vGn/cgLk4w SckoHq6yGE/EGZ+XVB2lv0QWs4ZCsdggQIZuZB/nUnYn53WLOe39v3yrdNzqpA/GWX Qj3CTXVEOqoFiUzMg9uxrhkFSizKX4l72U0hpmf0=
Received: from drugs.dv.isc.org (unknown [IPv6:2001:470:1f00:820:4129:b64c:428a:9207]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by bikeshed.isc.org (Postfix) with ESMTPSA id BC395216C40; Fri, 26 Apr 2013 06:52:26 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (localhost [IPv6:::1]) by drugs.dv.isc.org (Postfix) with ESMTP id D8E8133032DC; Fri, 26 Apr 2013 16:52:21 +1000 (EST)
To: "Murray S. Kucherawy" <superuser@gmail.com>
From: Mark Andrews <marka@isc.org>
References: <20130425013317.36729.qmail@joyce.lan> <80ADB3EE-17FD-4628-B818-801CB71BCBFE@virtualized.org> <BB8C643A-FC46-4B2F-B677-F1B7CAB0E79F@frobbit.se> <alpine.BSF.2.00.1304251030380.65043@joyce.lan> <14A728AE-83DC-4C1F-A88A-6F988D37F2C7@frobbit.se> <20130425154235.GP23770@besserwisser.org> <5179691B.50602@qti.qualcomm.com> <5179980F.9090606@dougbarton.us> <5179B10E.705@qti.qualcomm.com> <5179BC32.8050205@dougbarton.us> <CAL0qLwYzKnfRArQAVD1M=ccnV079j-D9PHDaB-tLaUwG4vm_BQ@mail.gmail.com>
In-reply-to: Your message of "Thu, 25 Apr 2013 20:29:14 -0700." <CAL0qLwYzKnfRArQAVD1M=ccnV079j-D9PHDaB-tLaUwG4vm_BQ@mail.gmail.com>
Date: Fri, 26 Apr 2013 16:52:21 +1000
Message-Id: <20130426065221.D8E8133032DC@drugs.dv.isc.org>
Cc: "spfbis@ietf.org" <spfbis@ietf.org>, Pete Resnick <presnick@qti.qualcomm.com>, dnsext@ietf.org
Subject: Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Apr 2013 06:52:45 -0000
In message <CAL0qLwYzKnfRArQAVD1M=ccnV079j-D9PHDaB-tLaUwG4vm_BQ@mail.gmail.com>, "Murray S. Kucherawy" writes: > > On Thu, Apr 25, 2013 at 4:28 PM, Doug Barton <dougb@dougbarton.us> wrote: > > > Yep, been there, done that. It was a bad decision then, and it's still a > > bad decision now. I realize that it's incredibly unpopular to bluntly call > > bad decisions "bad decisions," but not doing so doesn't make them any less > > bad. And, to make matters worse, not doing so has led to a non-trivial > > number of those bad decisions becoming de facto standards. This has at > > least 2 very bad side effects ... first, we have to live with the bad de > > facto standards; but more importantly we are providing encouragement to > > people who wish to make similar bad decisions down the road. > > > > The argument in 6686 boils down to, "We made a series of bad decisions, > > which have led to a bad result. We now want to codify that bad result > > instead of cleaning up our mess." I don't agree with that in principle, and > > I don't agree with that in regards to this particular case. > > > > Further, while cleaning up the SPF mess would require nothing more than a > > marginal amount of extra work now, plus the passage of time, there is no > > reason not to actually clean up the mess. > > > I think this continues to trivialize exactly what it means to migrate the > enormous deployed base of SPF in the manner you're pushing. I fully agree > with your premise that it should've been "done right" in the beginning and > I lament that it was not, but I don't agree that fixing this now is worth > moving a mountain, especially when I don't believe the people saying that > here will be among the people doing even a fraction of the moving. The installed base of SPF is miniscule. As for moving it, you really only need to update a couple MTA's to use the SPF libraries that look for SPF first and let time pass. If you want a hurry on one could add code to nameservers and zone signers to detected TXT style spf records and add SPF records if they are missing. > At least half of the reason we landed here is because of an environment > that was basically hostile to doing it right in the first place. The rules > for getting new RRtypes have been improved -- The rules were dead simple at the time, just nobody in the SPF camp was willing to try to go down that route. I know they were simple because I used them at the time for another type. > I think we all agree on that > -- but, as you already conceded, there's still a large deployed base of > faulty firewalls and DNS tools out there that don't exactly make use of > uncommon RRtypes easy. So how much energy are the DNS experts going to put > into cleaning up their house while demanding the mail people clean up > theirs? I would even go so far as to say that the DNS part has to happen > first, before any cleanup on the email side is practical to consider. The DNS had deployed support for UNKNOWN RR types at the time. Most resolvers have been able to lookup unknown types since RFC 1034 was published. For most resolvers it was simply a matter of using 99 rather than a symbolic name. > The deployed SPF base probably won't give a damn if the IETF suddenly > releases an RFC that exclaims "Everybody migrate to type 99!" From the > perspective of large and small operators around the world, what's out there > is working now, and messing with it is asking for pain; engineers' time to > switch and debug costs a lot of money, so they have no incentive whatsoever > to comply with a proposed change to "fix" a service that is philosophically > broken but operationally just fine. > > Thus, I maintain that we take our licks on this one and just take steps to > ensure that nobody follows this path again. > > -MSK -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
- Re: [dnsext] Obsoleting SPF RRTYPE Masataka Ohta
- [dnsext] Obsoleting SPF RRTYPE S Moonesamy
- Re: [dnsext] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] Obsoleting SPF RRTYPE Mark Andrews
- Re: [dnsext] Obsoleting SPF RRTYPE John Levine
- Re: [dnsext] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] Obsoleting SPF RRTYPE Masataka Ohta
- Re: [dnsext] Obsoleting SPF RRTYPE John R Levine
- Re: [dnsext] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] Obsoleting SPF RRTYPE Måns Nilsson
- Re: [dnsext] Obsoleting SPF RRTYPE and deprecate … Douglas Otis
- Re: [dnsext] Obsoleting SPF RRTYPE Andrew Sullivan
- Re: [dnsext] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] Obsoleting SPF RRTYPE Andrew Sullivan
- Re: [dnsext] Obsoleting SPF RRTYPE Dave Lawrence
- Re: [dnsext] Obsoleting SPF RRTYPE Paul Hoffman
- Re: [dnsext] Obsoleting SPF RRTYPE Andrew Sullivan
- Re: [dnsext] Obsoleting SPF RRTYPE Patrik Fältström
- Re: [dnsext] Obsoleting SPF RRTYPE John R Levine
- Re: [dnsext] Obsoleting SPF RRTYPE Patrik Fältström
- Re: [dnsext] Obsoleting SPF RRTYPE John R Levine
- Re: [dnsext] Obsoleting SPF RRTYPE Måns Nilsson
- Re: [dnsext] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] Obsoleting SPF RRTYPE John Levine
- Re: [dnsext] Obsoleting SPF RRTYPE Paul Hoffman
- Re: [dnsext] Obsoleting SPF RRTYPE Jim Reid
- Re: [dnsext] Obsoleting SPF RRTYPE Warren Kumari
- Re: [dnsext] Obsoleting SPF RRTYPE S Moonesamy
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Dotzero
- Re: [dnsext] Obsoleting SPF RRTYPE Joe Abley
- Re: [dnsext] Obsoleting SPF RRTYPE Joe Abley
- Re: [dnsext] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] Obsoleting SPF RRTYPE Warren Kumari
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Pete Resnick
- Re: [dnsext] Obsoleting SPF RRTYPE John R Levine
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Warren Kumari
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Warren Kumari
- Re: [dnsext] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] Obsoleting SPF RRTYPE Pete Resnick
- Re: [dnsext] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] Obsoleting SPF RRTYPE Pete Resnick
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Patrik Fältström
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Patrik Fältström
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Murray S. Kucherawy
- Re: [dnsext] Obsoleting SPF RRTYPE John Levine
- Re: [dnsext] Obsoleting SPF RRTYPE John Levine
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Hector Santos
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Pete Resnick
- Re: [dnsext] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE S Moonesamy
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Murray S. Kucherawy
- Re: [dnsext] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] Obsoleting SPF RRTYPE Noel David Torres Taño
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Murray S. Kucherawy
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Mark Andrews
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE S Moonesamy
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Murray S. Kucherawy
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Nicholas Weaver
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Nicholas Weaver
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Barry Leiba
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Mark Andrews
- Re: [dnsext] Obsoleting SPF RRTYPE Havard Eidnes
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE S Moonesamy
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Hector Santos
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Patrik Fältström
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Dave Crocker
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Dave Crocker
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Murray S. Kucherawy
- Re: [dnsext] Obsoleting SPF RRTYPE Mark Andrews
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Noel David Torres Taño
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Dave Crocker
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Hector Santos
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Scott Kitterman
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Scott Kitterman
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Hector Santos
- Re: [dnsext] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] Obsoleting SPF RRTYPE John R Levine
- Re: [dnsext] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] Obsoleting SPF RRTYPE John Levine
- Re: [dnsext] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] Obsoleting SPF RRTYPE Edward Lewis
- [dnsext] loads of TXT records for fun and profit Jim Reid
- Re: [dnsext] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] Obsoleting SPF RRTYPE Patrik Fältström
- Re: [dnsext] Obsoleting SPF RRTYPE Phillip Hallam-Baker
- Re: [dnsext] loads of TXT records for fun and pro… Phillip Hallam-Baker
- Re: [dnsext] loads of TXT records for fun and pro… Nicholas Weaver
- Re: [dnsext] loads of TXT records for fun and pro… Mark Andrews
- Re: [dnsext] loads of TXT records for fun and pro… Phillip Hallam-Baker
- Re: [dnsext] loads of TXT records for fun and pro… Ted Lemon
- Re: [dnsext] loads of TXT records for fun and pro… Phillip Hallam-Baker
- Re: [dnsext] loads of TXT records for fun and pro… Joe Abley
- Re: [dnsext] loads of TXT records for fun and pro… David Conrad
- Re: [dnsext] loads of TXT records for fun and pro… Phillip Hallam-Baker
- [dnsext] SPF, a cautionary tale John Levine
- Re: [dnsext] loads of TXT records for fun and pro… Nicholas Weaver
- Re: [dnsext] loads of TXT records for fun and pro… David Conrad
- Re: [dnsext] loads of TXT records for fun and pro… David Conrad
- Re: [dnsext] loads of TXT records for fun and pro… Doug Barton
- Re: [dnsext] loads of TXT records for fun and pro… Murray S. Kucherawy
- Re: [dnsext] loads of TXT records for fun and pro… Doug Barton
- Re: [dnsext] loads of TXT records for fun and pro… Phil Pennock
- Re: [dnsext] loads of TXT records for fun and pro… Phil Pennock
- Re: [dnsext] loads of TXT records for fun and pro… John Levine
- Re: [dnsext] loads of TXT records for fun and pro… David Miller
- Re: [dnsext] loads of TXT records for fun and pro… John Levine
- Re: [dnsext] SPF, a cautionary tale bmanning
- Re: [dnsext] SPF, a cautionary tale John R Levine
- Re: [dnsext] SPF, a cautionary tale Douglas Otis
- Re: [dnsext] SPF, a cautionary tale bmanning
- Re: [dnsext] SPF, a cautionary tale Douglas Otis
- Re: [dnsext] SPF, a cautionary tale bmanning
- Re: [dnsext] SPF, a cautionary tale Mark Andrews
- Re: [dnsext] SPF, a cautionary tale Murray S. Kucherawy
- Re: [dnsext] SPF, a cautionary tale Murray S. Kucherawy
- Re: [dnsext] SPF, a cautionary tale Mark Andrews
- Re: [dnsext] SPF, a cautionary tale Murray S. Kucherawy
- Re: [dnsext] SPF, a cautionary tale Doug Barton
- Re: [dnsext] SPF, a cautionary tale bmanning
- Re: [dnsext] SPF, a cautionary tale Murray S. Kucherawy
- Re: [dnsext] SPF, a cautionary tale Mark Andrews
- Re: [dnsext] SPF, a cautionary tale Phillip Hallam-Baker
- Re: [dnsext] SPF, a cautionary tale Mark Andrews
- Re: [dnsext] loads of TXT records for fun and pro… Florian Weimer