Re: [dnsext] Obsoleting SPF RRTYPE

Mark Andrews <marka@isc.org> Fri, 26 April 2013 22:46 UTC

To: John Levine <johnl@taugh.com>
From: Mark Andrews <marka@isc.org>
References: <20130426214956.75110.qmail@joyce.lan>
In-reply-to: Your message of "26 Apr 2013 21:49:56 +0000." <20130426214956.75110.qmail@joyce.lan>
Date: Sat, 27 Apr 2013 08:45:53 +1000
Message-Id: <20130426224553.C289A331351F@drugs.dv.isc.org>
Cc: dnsext@ietf.org
Subject: Re: [dnsext] Obsoleting SPF RRTYPE

In message <20130426214956.75110.qmail@joyce.lan>, "John Levine" writes:
> >Well, deprecating the SPF RR will certainly teach the DNSEXT/IESG/IETF community a good lesson.  (Seriously?)
> 
> This may come as a surprise, but this isn't all about you.  
> 
> The spfbis group is cleaning up a protocol that is in use at hundreds
> of thousands of mail systems all over the world including most,
> probably all, of the largest ones.  For all its warts, SPF works fine
> as is, and they have no incentive to change.  Hence the narrow charter
> of the group only to clean up the existing spec, not to extend or
> change it.
>
> I go to industry meetings like MAAWG with all of the large mail
> operators, and I can assure you that if the IETF were so silly as to
> publish an spfbis that demanded a switch to type 99, the large mail
> systems would say, wow, that was dumb, I guess we'll be looking for
> mail standards somewhere else.
> 
> >> Thus, I maintain that we take our licks on this one and just take steps to ensure that nobody follows this path again.
> >
> >And how do you propose that exactly, particularly given the precedent set by SPFBIS?
> 
> Provide the tools and processes so that people can use new RRTYPEs in
> new designs.  (Insert usual point about provisioning.)
> 
> Don't shoot yourself in the foot by demanding that we break one that's
> a decade old and likely in wider use than 95% of all of the other IETF
> protocols.
 
As far as I can see no one is asking anyone to break SPF.  All they
are asking is to let it continue down the path towards all type
SPF.  The DNS people know that will take years before people will
feel comfortable with using SPF only.  MX only domains took years
as well before people were confident to use them.

Instead of going for deprecation ask nameserver vendors to add
automatic insertion of type SPF if there is no SPF RRset (SHOULD
level).  This will help sites that are unintentionally breaking the
SHOULD publish both records.

Note most of the sites that described how to do SPF failed to mention
that you are supposed to publish both which were generally written
by people trying to promote SPF.

e.g.
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

That includes sites written by people in the SPF working group who
should have known better.

When every example is a single TXT record it is hardly surprising
that type SPF was not being published often.

Conspiracy theorists would say that it was a deliberate attempt to
undermine type SPF.

> R's,
> John
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
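
An added illustration, not part of the original message and not taken from any nameserver's code: a sketch of the "automatic insertion of type SPF if there is no SPF RRset" behaviour proposed above, applied at zone-load time. The record tuples, the sample zone and the helper names `is_spf_txt`, `add_missing_spf` and `to_type99` are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample zone: (owner, ttl, type, character-strings).
ZONE = [
    ("example.com.", 3600, "TXT", ("v=spf1 mx -all",)),
    ("example.com.", 3600, "TXT", ("site-verification=constructed",)),
    ("mail.example.com.", 3600, "TXT", ("v=spf1 a -all",)),
    ("mail.example.com.", 3600, "SPF", ("v=spf1 a ~all",)),
    ("split.example.com.", 300, "TXT", ("v=spf1 ip4:192.0.2.0/24", " -all")),
    ("odd.example.com.", 300, "TXT", ("v=spf10 -all",)),
]

def is_spf_txt(strings):
    """True if the concatenated character-strings form an SPF version 1 record."""
    text = "".join(strings).lower()
    return text == "v=spf1" or text.startswith("v=spf1 ")

def add_missing_spf(records):
    """Hypothetical helper: copy SPF-bearing TXT data into type SPF where the
    owner name has no SPF RRset at all. Explicit SPF RRsets are left alone."""
    by_owner = defaultdict(lambda: {"TXT": [], "SPF": []})
    for owner, ttl, rtype, strings in records:
        if rtype in ("TXT", "SPF"):
            by_owner[owner.lower()][rtype].append((owner, ttl, strings))
    added = []
    for rrsets in by_owner.values():
        if rrsets["SPF"]:
            continue  # operator published type SPF; do not second-guess it
        added += [(o, t, "SPF", s) for o, t, s in rrsets["TXT"] if is_spf_txt(s)]
    return list(records) + added

def to_type99(strings):
    """RFC 3597 generic form, for tools that lack the SPF mnemonic."""
    wire = b"".join(bytes([len(s)]) + s.encode("ascii") for s in strings)
    return f"TYPE99 \\# {len(wire)} {wire.hex()}"

if __name__ == "__main__":
    for owner, ttl, rtype, strings in add_missing_spf(ZONE)[len(ZONE):]:
        print(owner, ttl, "IN", to_type99(strings))
```

The `mail.example.com.` name shows why insertion only happens when no SPF RRset exists: its TXT and SPF policies already differ, and silently overwriting either would change what receivers enforce.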