Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE

Doug Barton <dougb@dougbarton.us> Fri, 26 April 2013 00:15 UTC

Message-ID: <5179C72F.1070703@dougbarton.us>
Date: Thu, 25 Apr 2013 17:15:43 -0700
From: Doug Barton <dougb@dougbarton.us>
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:17.0) Gecko/20130328 Thunderbird/17.0.5
MIME-Version: 1.0
To: Pete Resnick <presnick@qti.qualcomm.com>
References: <20130425013317.36729.qmail@joyce.lan> <80ADB3EE-17FD-4628-B818-801CB71BCBFE@virtualized.org> <BB8C643A-FC46-4B2F-B677-F1B7CAB0E79F@frobbit.se> <alpine.BSF.2.00.1304251030380.65043@joyce.lan> <14A728AE-83DC-4C1F-A88A-6F988D37F2C7@frobbit.se> <20130425154235.GP23770@besserwisser.org> <5179691B.50602@qti.qualcomm.com> <5179980F.9090606@dougbarton.us> <5179B10E.705@qti.qualcomm.com>
In-Reply-To: <5179B10E.705@qti.qualcomm.com>
X-Enigmail-Version: 1.5.1
OpenPGP: id=1A1ABC84
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: spfbis@ietf.org, dnsext@ietf.org
Subject: Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE

On 04/25/2013 03:41 PM, Pete Resnick wrote:
> and I'd really ask you to read through the discussion of issue #9 on the
> list

Ok, so I've read through those threads, and the antecedents. I saw the 
following:

1. Some reports of people who wrote code to use the new RRtype early on, 
and had problems, so they stopped.

2. A report that Perl's "Mail::SPF (which is used by Spamassassin) 
checks for Type SPF first by default."

3. Several folks pointing out the valid DNS protocol based reasons why 
overloading TXT is bad, and new RRtypes for new features are good.

4. Lots of messages along the lines of, "We've always used TXT for this, 
so we should keep using it." These arguments all seem focused around the 
concept that having 2 ways to do the same thing is kind of a pain, so 
let's just use the one that is most popular.

5. Some fairly persuasive technical arguments from Andrew Sullivan that 
putting SPF records into your zone is a good idea. Particularly this:
https://www.ietf.org/mail-archive/web/spfbis/current/msg00544.html

#1 was an expected result in the days prior to 3597 (2003), but should 
be little to no trouble now.

#2 speaks in favor of my proposal.

#3 (Arguably one of the only "reasoned technical arguments" in the 
bunch) seems to have been ignored by the majority of list members.

#4 is not a "reasoned technical argument."

#5 is also a "reasoned technical argument," which was not only ignored, 
but twisted on its ear by at least one list member.

It's also worth pointing out that a non-zero number of list members were 
ready (eager?) to shut down the SPF record prior to there being any 
actual discussion of it.

So I stand by my original proposal. We should do the right thing here, 
not the expedient thing. And the fact that a significant piece of 
software is already doing that, and clearly it works, is a pretty big 
point in favor.

Further, there were no "reasoned technical arguments" in that thread 
against doing what I proposed. As I mentioned in #4 above there was some 
whinging about having 2 ways to do the lookup, but as I pointed out 
previously if the switch had been flipped to do the SPF lookup first at 
some reasonable time post-3597, we'd be celebrating the deprecation of 
the TXT record right about now.

And further than _that_, Andrew and a few other list members pointed out 
that with a theoretical v=spf3 on the horizon, that would be a perfect 
time to say "Use the SPF record only, don't use TXT at all." Of course 
that whole line of thought was shot down with the same, "But we've 
always used TXT" argument. Which is unfortunate because I think that 
would have been an excellent compromise position, which has valid 
technical grounds.

Doug
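As an added illustration (not part of the thread, and not Mail::SPF's own code), here is a small Python sketch of the lookup order the message attributes to Mail::SPF: query the SPF RRtype first and fall back to TXT only if no SPF-type record carries a `v=spf1` policy. The DNS answers, zone names and the `select_spf`/`spf_policies` function names are all constructed for this example; a real resolver would replace the `lookup` stub.

```python
# Added example: SPF-RRtype-first policy selection with TXT fallback.
# DNS answers below are constructed stand-ins, keyed by (name, rrtype);
# each record is a tuple of character-strings, as both the SPF RRtype
# (type 99) and TXT carry them.
from typing import Dict, List, Optional, Tuple

CONSTRUCTED_ANSWERS: Dict[Tuple[str, str], List[Tuple[str, ...]]] = {
    # Both RRtypes published; the SPF-type record should win.
    ("example.com.", "SPF"): [("v=spf1 mx -all",)],
    ("example.com.", "TXT"): [
        ("site-verification=abc123",),                      # unrelated TXT
        ("v=spf1 include:_spf.example.net ", "-all"),       # split strings
    ],
    # Only TXT published: fallback path.
    ("txt-only.example.", "TXT"): [("v=spf1 a -all",)],
    # Nothing resembling a policy at all.
    ("none.example.", "TXT"): [("some unrelated text",)],
    # Version tag must be terminated by a space or end of record.
    ("badversion.example.", "TXT"): [("v=spf10 mx -all",)],
}


def lookup(name: str, rrtype: str,
           answers: Dict[Tuple[str, str], List[Tuple[str, ...]]] = CONSTRUCTED_ANSWERS
           ) -> List[Tuple[str, ...]]:
    """Stub resolver: return the constructed answer set for (name, rrtype)."""
    return answers.get((name, rrtype), [])


def spf_policies(records: List[Tuple[str, ...]]) -> List[str]:
    """Join each record's character-strings and keep only real v=spf1 policies.

    A record qualifies only if it begins with the version tag 'v=spf1'
    followed by a space or the end of the record, so 'v=spf10 ...' is not
    mistaken for a policy.
    """
    out: List[str] = []
    for strings in records:
        joined = "".join(strings)
        head = joined[:6].lower()
        rest = joined[6:7]
        if head == "v=spf1" and (rest == "" or rest == " "):
            out.append(joined)
    return out


def select_spf(name: str,
               order: Tuple[str, ...] = ("SPF", "TXT"),
               answers: Dict[Tuple[str, str], List[Tuple[str, ...]]] = CONSTRUCTED_ANSWERS
               ) -> Tuple[Optional[str], Optional[str]]:
    """Return (rrtype_used, policy).

    RRtypes are tried in `order`; the first type that yields exactly one
    v=spf1 policy wins. More than one policy of the same type is treated
    as an error here (None policy, rrtype reported) rather than guessed at.
    (None, None) means no policy was found under any type.
    """
    for rrtype in order:
        policies = spf_policies(lookup(name, rrtype, answers))
        if len(policies) == 1:
            return rrtype, policies[0]
        if len(policies) > 1:
            return rrtype, None
    return None, None


if __name__ == "__main__":
    for zone in ("example.com.", "txt-only.example.", "none.example.", "badversion.example."):
        print(zone, select_spf(zone))
    # The "switch flipped the other way" case from the discussion: TXT first.
    print("example.com. (TXT first)", select_spf("example.com.", order=("TXT", "SPF")))
```

The `order` parameter is the only thing separating the two positions argued in the thread: `("SPF", "TXT")` is the Mail::SPF default the message cites, `("TXT", "SPF")` is the TXT-first behaviour most other implementations kept. Everything else (joining character-strings, discarding records without a proper `v=spf1` version tag, refusing to guess between duplicate policies) is the same on either path.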