Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE
Doug Barton <dougb@dougbarton.us> Fri, 26 April 2013 19:31 UTC
Return-Path: <dougb@dougbarton.us>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1803B21F99BC; Fri, 26 Apr 2013 12:31:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bz2yY1YBUjSs; Fri, 26 Apr 2013 12:31:38 -0700 (PDT)
Received: from dougbarton.us (dougbarton.us [IPv6:2607:f2f8:ab14::2]) by ietfa.amsl.com (Postfix) with ESMTP id 2256B21F99BA; Fri, 26 Apr 2013 12:31:38 -0700 (PDT)
Received: from [IPv6:2001:470:d:5e7:bc8b:58b7:549d:818c] (unknown [IPv6:2001:470:d:5e7:bc8b:58b7:549d:818c]) by dougbarton.us (Postfix) with ESMTPSA id C3EAC22B11; Fri, 26 Apr 2013 19:31:37 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dougbarton.us; s=dougbarton.us; t=1367004697; bh=6H15Mw1ssOq7L2ZKPTtmjntMxzzF9yUXtSicA7tehbw=; h=Date:From:To:CC:Subject:References:In-Reply-To; b=HdPGtalgzD0TXyB/picgV7ROq3Vb8URajpG3UaA4zozMB+HsoW9OTB66CE5XTtM3D RiqnRskDZwByQ++BsGxNMy+3wrUfsH/fhLfA7SKT/ME7CKoQewbXrHPVcXdmxA87Ka cPKmnbFnXZZ2DmD9abbkMRqCYBc8LC2uIthecJ8Y=
Message-ID: <517AD619.3000406@dougbarton.us>
Date: Fri, 26 Apr 2013 12:31:37 -0700
From: Doug Barton <dougb@dougbarton.us>
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:17.0) Gecko/20130328 Thunderbird/17.0.5
MIME-Version: 1.0
To: "Murray S. Kucherawy" <superuser@gmail.com>
References: <20130425013317.36729.qmail@joyce.lan> <80ADB3EE-17FD-4628-B818-801CB71BCBFE@virtualized.org> <BB8C643A-FC46-4B2F-B677-F1B7CAB0E79F@frobbit.se> <alpine.BSF.2.00.1304251030380.65043@joyce.lan> <14A728AE-83DC-4C1F-A88A-6F988D37F2C7@frobbit.se> <20130425154235.GP23770@besserwisser.org> <5179691B.50602@qti.qualcomm.com> <5179980F.9090606@dougbarton.us> <5179B10E.705@qti.qualcomm.com> <5179BC32.8050205@dougbarton.us> <CAL0qLwYzKnfRArQAVD1M=ccnV079j-D9PHDaB-tLaUwG4vm_BQ@mail.gmail.com> <8CD461F5-2A96-4BC5-8934-1181CB134F7E@virtualized.org> <CAL0qLwYHtYmCpLco86u5Loc1SuG9OpWyHZVPySZp8XOF2ypyxg@mail.gmail.com>
In-Reply-To: <CAL0qLwYHtYmCpLco86u5Loc1SuG9OpWyHZVPySZp8XOF2ypyxg@mail.gmail.com>
X-Enigmail-Version: 1.5.1
OpenPGP: id=1A1ABC84
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "spfbis@ietf.org" <spfbis@ietf.org>, "dnsext@ietf.org Group" <dnsext@ietf.org>
Subject: Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Apr 2013 19:31:39 -0000
On 04/25/2013 11:30 PM, Murray S. Kucherawy wrote: > On Thu, Apr 25, 2013 at 11:05 PM, David Conrad <drc@virtualized.org > <mailto:drc@virtualized.org>> wrote: > > > So how much energy are the DNS experts going to put into cleaning > up their house while demanding the mail people clean up theirs? > > So, this is about revenge because it used to be hard to get RRtypes? > > > Did I really come across as that petty? Uncharitable interpretation of the current situation could come to that conclusion. > No, what I'm saying is that the way things were ten years ago As I (and others) have said many times, things were rough at the time SPF came to bloom. However, and this is really important to understand, it's not 10 years ago anymore. I'm not being petty when I say that. It really is important to understand, the time is going to pass anyway. In the time period between then and now a LOT of things have happened in the DNS world, and the situation is dramatically different now than it was. What is even more important to understand is that 10 years from now 10 more years will have passed. We have a chance now to set in motion events that will continue to improve the situation, so that 10 years from now we can look back and laugh at the SPF TXT record, and have joy that things are so much better. Or, we can spend 10 more years with the same silly kludge, and not have made any progress at all. Either way, the next 10 years are going to pass. > pushed the > SPF community to the place it's in now, ugly as it is. SPF, in the > interim, has become very widely deployed. And some of the software that handles SPF has already switched to querying SPF/99 first. There is no reason that the rest could not do that as well. Then by the time that the next version of SPF is released, it can be all SPF/99, and no TXT. Eventually the TXT record will die out altogether. As I have mentioned previously, in the DNS world we have a LOT of experience dealing with issues EXACTLY like this. We know how it works, we know what long tails look like, and we know that as problems go it's a pretty easy problem to deal with. > Suddenly now we have a few > voices from the ivory tower asserting that the same community needs to > go out and re-do things the way they should have been done in the first > place, now that we finally have a somewhat more reasonable perspective, > even though some of the vestiges of ten years ago are in fact still > around. My reaction to that is "You can't be serious." That doesn't > sound like revenge at all to me, just pragmatism. Um, it's not "suddenly." The advice to do it right in the first place has been offered repeatedly, since the very beginning. That's why the code point was assigned in the first place. There is no doubt that in the early days, prior to the widespread deployment of 3597, querying for SPF/99 could cause problems. But we're not in that world anymore. Thank DNSSEC and IPv6 for shaking things loose. There is currently no TECHNICAL reason that the change cannot be made NOW to query SPF/99 first. The only argument you (and others) have put forward so far is, "We have been using TXT, it works, so we want to keep using it." I understand why that course of action is attractive, but it's bad. And the right thing isn't hard to do. > The point is that it isn't just fine. It does have operational > impacts, from potentially increased fragmentation/fallback to TCP to > increased complexity in TXT RR parsers that have to distinguish > between the myriad of crap that's residing at the zone apex TXT RR, > etc. Of course, most of these negative impacts are hidden to the > folks who are putting the TXT RRs in the zone, so it's all good, right? > > > Thus, I maintain that we take our licks on this one and just take > steps to ensure that nobody follows this path again. > > And how do you propose that exactly, particularly given the > precedent set by SPFBIS? > > > Someone else (Joe, I think) has already referred to other RFCs that talk > about things like IAB advice about how [not] to put application data > into the DNS. Seems to me this is a perfectly good subject for another > such project. One may counter that by saying nobody will pay attention > to such a document, but I submit that it's our primary mechanism for > making sure mistakes aren't re-made, so that's the tool we have to use > or not use. But this mistake isn't carved in stone. It CAN be fixed. And the solution isn't difficult. Some minor changes are made to software, some docs are updated, and then time passes and the old way becomes obsolete. > If we do the opposite and somehow compel SPFBIS to favour type 99 over > TXT, then I still think we'll be shouting that to an audience that will > think we're nuts and simply go about their business. If that happens (and I personally don't think it will), it's not the IETF's problem. We don't (traditionally) write specs to accommodate the worst behavior we see in implementations. We write specs to describe how it should be done right, and do our best to support people who want to write software that does it right. And I should emphasize again, "Mail::SPF (which is used by Spamassassin) checks for Type SPF first by default." So there is already a non-trivial implementation that is doing it right. The number of other implementations that need to be updated is not very large. Another case mentioned in the spfbis thread on "issue #9" was the python lib for spf, which already has the code to query SPF/99. It would be a 30 minute job to update that to query 99 first. So if I'm missing some TECHNICAL reasons why this proposal isn't feasible, please enlighten me. But all I've seen so far is, "We don't want to do it," which I don't find particularly compelling. Doug
- Re: [dnsext] Obsoleting SPF RRTYPE Masataka Ohta
- [dnsext] Obsoleting SPF RRTYPE S Moonesamy
- Re: [dnsext] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] Obsoleting SPF RRTYPE Mark Andrews
- Re: [dnsext] Obsoleting SPF RRTYPE John Levine
- Re: [dnsext] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] Obsoleting SPF RRTYPE Masataka Ohta
- Re: [dnsext] Obsoleting SPF RRTYPE John R Levine
- Re: [dnsext] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] Obsoleting SPF RRTYPE Måns Nilsson
- Re: [dnsext] Obsoleting SPF RRTYPE and deprecate … Douglas Otis
- Re: [dnsext] Obsoleting SPF RRTYPE Andrew Sullivan
- Re: [dnsext] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] Obsoleting SPF RRTYPE Andrew Sullivan
- Re: [dnsext] Obsoleting SPF RRTYPE Dave Lawrence
- Re: [dnsext] Obsoleting SPF RRTYPE Paul Hoffman
- Re: [dnsext] Obsoleting SPF RRTYPE Andrew Sullivan
- Re: [dnsext] Obsoleting SPF RRTYPE Patrik Fältström
- Re: [dnsext] Obsoleting SPF RRTYPE John R Levine
- Re: [dnsext] Obsoleting SPF RRTYPE Patrik Fältström
- Re: [dnsext] Obsoleting SPF RRTYPE John R Levine
- Re: [dnsext] Obsoleting SPF RRTYPE Måns Nilsson
- Re: [dnsext] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] Obsoleting SPF RRTYPE John Levine
- Re: [dnsext] Obsoleting SPF RRTYPE Paul Hoffman
- Re: [dnsext] Obsoleting SPF RRTYPE Jim Reid
- Re: [dnsext] Obsoleting SPF RRTYPE Warren Kumari
- Re: [dnsext] Obsoleting SPF RRTYPE S Moonesamy
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Dotzero
- Re: [dnsext] Obsoleting SPF RRTYPE Joe Abley
- Re: [dnsext] Obsoleting SPF RRTYPE Joe Abley
- Re: [dnsext] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] Obsoleting SPF RRTYPE Warren Kumari
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Pete Resnick
- Re: [dnsext] Obsoleting SPF RRTYPE John R Levine
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Warren Kumari
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Warren Kumari
- Re: [dnsext] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] Obsoleting SPF RRTYPE Pete Resnick
- Re: [dnsext] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] Obsoleting SPF RRTYPE Pete Resnick
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Patrik Fältström
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Patrik Fältström
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Murray S. Kucherawy
- Re: [dnsext] Obsoleting SPF RRTYPE John Levine
- Re: [dnsext] Obsoleting SPF RRTYPE John Levine
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Hector Santos
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Pete Resnick
- Re: [dnsext] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE S Moonesamy
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Murray S. Kucherawy
- Re: [dnsext] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] Obsoleting SPF RRTYPE Noel David Torres Taño
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Murray S. Kucherawy
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Mark Andrews
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE S Moonesamy
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Murray S. Kucherawy
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Nicholas Weaver
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Nicholas Weaver
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Barry Leiba
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Mark Andrews
- Re: [dnsext] Obsoleting SPF RRTYPE Havard Eidnes
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE S Moonesamy
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Hector Santos
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Patrik Fältström
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Ted Lemon
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Dave Crocker
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Dave Crocker
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Murray S. Kucherawy
- Re: [dnsext] Obsoleting SPF RRTYPE Mark Andrews
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Noel David Torres Taño
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Dave Crocker
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Hector Santos
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Scott Kitterman
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Scott Kitterman
- Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE Hector Santos
- Re: [dnsext] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] Obsoleting SPF RRTYPE John R Levine
- Re: [dnsext] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] Obsoleting SPF RRTYPE John Levine
- Re: [dnsext] Obsoleting SPF RRTYPE Doug Barton
- Re: [dnsext] Obsoleting SPF RRTYPE Edward Lewis
- [dnsext] loads of TXT records for fun and profit Jim Reid
- Re: [dnsext] Obsoleting SPF RRTYPE David Conrad
- Re: [dnsext] Obsoleting SPF RRTYPE Patrik Fältström
- Re: [dnsext] Obsoleting SPF RRTYPE Phillip Hallam-Baker
- Re: [dnsext] loads of TXT records for fun and pro… Phillip Hallam-Baker
- Re: [dnsext] loads of TXT records for fun and pro… Nicholas Weaver
- Re: [dnsext] loads of TXT records for fun and pro… Mark Andrews
- Re: [dnsext] loads of TXT records for fun and pro… Phillip Hallam-Baker
- Re: [dnsext] loads of TXT records for fun and pro… Ted Lemon
- Re: [dnsext] loads of TXT records for fun and pro… Phillip Hallam-Baker
- Re: [dnsext] loads of TXT records for fun and pro… Joe Abley
- Re: [dnsext] loads of TXT records for fun and pro… David Conrad
- Re: [dnsext] loads of TXT records for fun and pro… Phillip Hallam-Baker
- [dnsext] SPF, a cautionary tale John Levine
- Re: [dnsext] loads of TXT records for fun and pro… Nicholas Weaver
- Re: [dnsext] loads of TXT records for fun and pro… David Conrad
- Re: [dnsext] loads of TXT records for fun and pro… David Conrad
- Re: [dnsext] loads of TXT records for fun and pro… Doug Barton
- Re: [dnsext] loads of TXT records for fun and pro… Murray S. Kucherawy
- Re: [dnsext] loads of TXT records for fun and pro… Doug Barton
- Re: [dnsext] loads of TXT records for fun and pro… Phil Pennock
- Re: [dnsext] loads of TXT records for fun and pro… Phil Pennock
- Re: [dnsext] loads of TXT records for fun and pro… John Levine
- Re: [dnsext] loads of TXT records for fun and pro… David Miller
- Re: [dnsext] loads of TXT records for fun and pro… John Levine
- Re: [dnsext] SPF, a cautionary tale bmanning
- Re: [dnsext] SPF, a cautionary tale John R Levine
- Re: [dnsext] SPF, a cautionary tale Douglas Otis
- Re: [dnsext] SPF, a cautionary tale bmanning
- Re: [dnsext] SPF, a cautionary tale Douglas Otis
- Re: [dnsext] SPF, a cautionary tale bmanning
- Re: [dnsext] SPF, a cautionary tale Mark Andrews
- Re: [dnsext] SPF, a cautionary tale Murray S. Kucherawy
- Re: [dnsext] SPF, a cautionary tale Murray S. Kucherawy
- Re: [dnsext] SPF, a cautionary tale Mark Andrews
- Re: [dnsext] SPF, a cautionary tale Murray S. Kucherawy
- Re: [dnsext] SPF, a cautionary tale Doug Barton
- Re: [dnsext] SPF, a cautionary tale bmanning
- Re: [dnsext] SPF, a cautionary tale Murray S. Kucherawy
- Re: [dnsext] SPF, a cautionary tale Mark Andrews
- Re: [dnsext] SPF, a cautionary tale Phillip Hallam-Baker
- Re: [dnsext] SPF, a cautionary tale Mark Andrews
- Re: [dnsext] loads of TXT records for fun and pro… Florian Weimer