IETF Logo Mail Archive

Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE

Hector Santos <hsantos@isdg.net> Fri, 26 April 2013 17:10 UTC

Return-Path: <hsantos@isdg.net>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1976D21F9A48 for <dnsext@ietfa.amsl.com>; Fri, 26 Apr 2013 10:10:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.841
X-Spam-Level:
X-Spam-Status: No, score=-101.841 tagged_above=-999 required=5 tests=[AWL=0.758, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mb+qjNvjsDKN for <dnsext@ietfa.amsl.com>; Fri, 26 Apr 2013 10:10:29 -0700 (PDT)
Received: from secure.winserver.com (mail.winserver.com [208.247.131.9]) by ietfa.amsl.com (Postfix) with ESMTP id 2B0D921F99FD for <dnsext@ietf.org>; Fri, 26 Apr 2013 10:10:28 -0700 (PDT)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=2193; t=1366996222; h=Received:Received: Message-ID:Date:From:To:Subject:Organization:List-ID; bh=iAphS7R 6p3QGLCd1JaV8rEveK/I=; b=pxPDgv6jnhSbO1Fd7zDQJ87EtOGJHbAc9PDjp1X 9Vm01nyvEyKDf7Yyqk3hGAcEcSicusNxXv0F3WQa1Gj6gYiZsi54O4Fo8JD+j13/ EpJdfc46GBxyLQm3UC9TLYRb8Lf3taB68wEIVimerJJT/lq7fZAELW27vtth8F8Y z4RQ=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.4) for dnsext@ietf.org; Fri, 26 Apr 2013 13:10:22 -0400
Received: from [208.247.131.8] ([208.247.131.8]) by winserver.com (Wildcat! SMTP v7.0.454.4) with ESMTP id 1494943121.1698.5436; Fri, 26 Apr 2013 13:10:21 -0400
Message-ID: <517AB4AD.1090103@isdg.net>
Date: Fri, 26 Apr 2013 13:09:01 -0400
From: Hector Santos <hsantos@isdg.net>
User-Agent: Mozilla/5.0 (Windows NT 5.2; rv:17.0) Gecko/20130328 Thunderbird/17.0.5
MIME-Version: 1.0
To: Scott Kitterman <spf2@kitterman.com>
References: <20130425013317.36729.qmail@joyce.lan> <CAL0qLwYzKnfRArQAVD1M=ccnV079j-D9PHDaB-tLaUwG4vm_BQ@mail.gmail.com> <20130426065221.D8E8133032DC@drugs.dv.isc.org> <1638252.lDf4xVkYCO@scott-latitude-e6320>
In-Reply-To: <1638252.lDf4xVkYCO@scott-latitude-e6320>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: spfbis@ietf.org, "dnsext@ietf.org Group" <dnsext@ietf.org>
Subject: Re: [dnsext] [spfbis] Obsoleting SPF RRTYPE
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Apr 2013 17:10:30 -0000

On 4/26/2013 9:02 AM, Scott Kitterman wrote:
>
> Since there wasn't the same screaming about DKIM, I wonder if this issue is
> really about the RR type at all or if it's really about the design decision on
> where to place the record?  It seems that SPF is not being penalized in some
> form for having gone to the trouble of getting the type assignment and giving
> it a go.
>

In my view, the DKIM decision was entirely based on the fact SPF was 
getting a huge traction and adoption as a TXT solution.  So why not for 
DKIM? It worked for SPF!

We should also note the mindset were among the same authors for 
protocols that are now entirely TXT:

    SPF    - 99/TXT, Levine against SPF, Murray wasn't around MARID
    DKIM   - TXT only, Murray authored
    VBR    - TXT only, Levine authored
    DMARK  - TXT only, and now a new I-D by Murray
    SPFBIS - TXT only, Murray started SPFBIS.

So we don't have too much "diversity" on the design.

SPF goal is still the same design goal for SPF type. The problem are the 
DNS servers. Getting Microsoft DNS servers to support unnamed RRTYPE 
processing at the very least will immediately change the course of the 
RRTYPE needs in the right direction.

Its a different problem in the same way AUTH-RES isn't ready for prime 
time with SPF - an errata is needed and people need to change their 
Received-SPF reporting.  In the mean time, in the name of across the 
board coding and single-sourcing, you support both even if the AUTH-RES 
support needs to be done with a kludge comment field.   Its the same 
with DMARC design pressures, it "works" better when MTA does the SPF 
processing at the 5322 Payload level (DATA state) or you accept the 
message then do the above tests and it may bounce or perhaps, hopefully 
not, discard:

             SPF FAIL POLICY === DKIM/ADSP DISCARD POLICY

Ideally, if we are going to stick with TXT based solutions and to better 
support integrated systems (ones that may support all of the above, it 
will be at least 4 DNS TXT queries), then we explore a direct solution 
of a single call to return all the sender information one may need 
about, including the message owner and copyright holder domain.

--
HLS

v2.23.0 | Report a Bug | By Email