IETF Logo Mail Archive

Re: [dnsext] Obsoleting SPF RRTYPE

Warren Kumari <warren@kumari.net> Thu, 25 April 2013 16:31 UTC

Return-Path: <warren@kumari.net>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5531021F9457 for <dnsext@ietfa.amsl.com>; Thu, 25 Apr 2013 09:31:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.11
X-Spam-Level:
X-Spam-Status: No, score=-102.11 tagged_above=-999 required=5 tests=[AWL=0.189, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DfPIRcD8KPfV for <dnsext@ietfa.amsl.com>; Thu, 25 Apr 2013 09:31:13 -0700 (PDT)
Received: from vimes.kumari.net (smtp1.kumari.net [204.194.22.1]) by ietfa.amsl.com (Postfix) with ESMTP id A38FD21F9361 for <dnsext@ietf.org>; Thu, 25 Apr 2013 09:31:13 -0700 (PDT)
Received: from [192.168.1.153] (unknown [66.84.81.117]) by vimes.kumari.net (Postfix) with ESMTPSA id 2CA351B40244; Thu, 25 Apr 2013 12:31:12 -0400 (EDT)
Content-Type: text/plain; charset="iso-8859-1"
Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\))
From: Warren Kumari <warren@kumari.net>
In-Reply-To: <20130425154235.GP23770@besserwisser.org>
Date: Thu, 25 Apr 2013 12:31:09 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <7292D45C-1522-44DB-B6E3-3FCB313D5D16@kumari.net>
References: <20130425013317.36729.qmail@joyce.lan> <80ADB3EE-17FD-4628-B818-801CB71BCBFE@virtualized.org> <BB8C643A-FC46-4B2F-B677-F1B7CAB0E79F@frobbit.se> <alpine.BSF.2.00.1304251030380.65043@joyce.lan> <14A728AE-83DC-4C1F-A88A-6F988D37F2C7@frobbit.se> <20130425154235.GP23770@besserwisser.org>
To: Måns Nilsson <mansaxel@besserwisser.org>
X-Mailer: Apple Mail (2.1503)
Cc: "dnsext@ietf.org Group" <dnsext@ietf.org>
Subject: Re: [dnsext] Obsoleting SPF RRTYPE
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Apr 2013 16:31:14 -0000

[-spfbis, because this bit is just DNS ] 
On Apr 25, 2013, at 11:42 AM, Måns Nilsson <mansaxel@besserwisser.org> wrote:

> Subject: Re: [dnsext] Obsoleting SPF RRTYPE Date: Thu, Apr 25, 2013 at 05:03:55PM +0200 Quoting Patrik Fältström (paf@frobbit.se):
>> 
>> On 25 apr 2013, at 16:44, John R Levine <johnl@taugh.com> wrote:
>> 
>>> In any event, the SPF draft is in WGLC.  Feel free to read the extensive discussion in the list archives and let them know how you feel.
>> 
>> They know how i feel. We in IETF do believe in rough consensus. I am this time on the rough side.
>> 
>> That does not imply I am quiet in other places, and I am as many others nervous over the implications.
> 
> This is a slippery slope. One record overload is not bad, but it sort
> of opens the floodgates for systematic overloading. DNSEXT and DNSOP
> certainly need to get involved; because this is way bigger than just SPF.

There were a set of (protracted) discussions in DANE on having our own RR type or overloading TXT.

There were a number of arguments on each side, but much of it boiled down to:
a: web based provisioning systems suck, and some middle boxes dinkle with unknown RR types, so use TXT.

b: overloading TXT is inelegant and required custom and complex parsers. Also, some of the data we want to carry is binary, and so you'd have to b64 (or something) encode it (not insurmountable, but annoying).

As always there were fairly strong views (and each side had folk who were, or believed that they were,  DNS experts), but the consensus ended up being a dedicated RR type.
As an aside, the RR type allocation process was painless and quick.

An easily accessible document describing the implications of choosing an RR type over funky TXT records, and how to evaluate these would be useful.
Added brownie points if the document also describes how to do discovery / naming. TLSA settled on the _port._protcol.host.example.com "standard",  but much time was spent on this discussion (and if tree-walking could be performed, and if so how, etc.)
Yes, everyone's needs are different, but being able say "Some DNS wonks have already thought about this, go read RFC $foo before commenting please" would have been nice.

W

> 
> And IMNSHO spfbis is out of scope prescribing TXT records, just because
> of this contagiousness.
> 
> For the record: I think that the spfbis draft is unfit for publication
> as RFC unless TXT records are deprectaed as only carrier of data.
> -- 
> Måns Nilsson     primary/secondary/besserwisser/machina
> MN-1334-RIPE                             +46 705 989668
> ... I want FORTY-TWO TRYNEL FLOATATION SYSTEMS installed within
> SIX AND A HALF HOURS!!!
> _______________________________________________
> dnsext mailing list
> dnsext@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsext

--
Some people are like Slinkies......Not really good for anything but they still bring a smile to your face when you push them down the stairs.

v2.23.0 | Report a Bug | By Email