Re: [dnsext] Obsoleting SPF RRTYPE

David Conrad <drc@virtualized.org> Thu, 25 April 2013 02:34 UTC

Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\))
From: David Conrad <drc@virtualized.org>
In-Reply-To: <20130425013317.36729.qmail@joyce.lan>
Date: Wed, 24 Apr 2013 19:34:22 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <80ADB3EE-17FD-4628-B818-801CB71BCBFE@virtualized.org>
References: <20130425013317.36729.qmail@joyce.lan>
To: John Levine <johnl@taugh.com>
Cc: dnsext@ietf.org
Subject: Re: [dnsext] Obsoleting SPF RRTYPE

John,

On Apr 24, 2013, at 6:33 PM, John Levine <johnl@taugh.com> wrote:
>>> I personally believe deprecating the SPF RR is the wrong way to go, but I'm
>>> guessing that discussion has already been had.
> Yes, it has.  Did you miss RFC 6686?

I've read it.  Didn't strike me as particularly persuasive towards deprecating the SPF RR, but that's probably just me.

> Once again, the huge practical barriers to deploying new RRTYPEs made the SPF RR dead on arrival.

Yes, the ossification of the DNS makes introducing new things challenging; however, as Mark pointed out, software was beginning to do the right thing, and there actually are web interfaces out there that let folks enter SPF records (I use one). My reading of 6686 would suggest that SPF has greater penetration than either DNSSEC or IPv6, which both face the practical barriers you mention, yet I'd argue deploying DNSSEC and IPv6 is the right thing to do.

In any event, I suppose that's what last call is for.

Regards,
-drc
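The "right thing" the message refers to is the receiver-side behaviour RFC 4408 section 4.5 asked for: query both the SPF RRTYPE (type 99) and TXT, prefer the SPF-type record when present, and treat more than one v=spf1 record in the chosen set as a PermError. The following is an added example, not code from this thread or from any of the posters; it works on pre-fetched RRsets constructed inline under hypothetical example names (no network lookups), and also shows the RFC 7208 section 3.3 rule that a record split across several character-strings is concatenated without separators, plus a check for the SPF/TXT mismatch that RFC 6686 cites as an operational hazard of publishing both.

```python
"""Receiver-side SPF record selection, RFC 4408 section 4.5 / RFC 7208 section 3.3 style.

Added example for illustration, not part of the mailing list thread. Input is a
set of RRsets keyed by RR type number; all sample data below is constructed.
"""

TYPE_TXT = 16
TYPE_SPF = 99  # the SPF RRTYPE that the thread discusses deprecating


def parse_character_strings(rdata: bytes) -> str:
    """Decode TXT/SPF RDATA: a sequence of <length octet><bytes> character-strings.

    RFC 7208 section 3.3: a record longer than 255 octets is published as several
    character-strings that MUST be concatenated with no separator.
    """
    parts = []
    i = 0
    while i < len(rdata):
        n = rdata[i]
        i += 1
        chunk = rdata[i:i + n]
        if len(chunk) != n:
            raise ValueError("truncated character-string in RDATA")
        parts.append(chunk.decode("ascii"))
        i += n
    return "".join(parts)


def is_spf_record(text: str) -> bool:
    """Version tag match: 'v=spf1' at the start, case-insensitive, then end or space."""
    low = text.lower()
    return low == "v=spf1" or low.startswith("v=spf1 ")


def select_spf_record(rrsets):
    """Return (record_text, rrtype_used, warnings) for the queried name.

    rrsets maps RR type number -> list of raw RDATA blobs. SPF-type records win
    when present; more than one v=spf1 record in the chosen set is a PermError,
    raised here as ValueError. A disagreement between the SPF and TXT copies
    (a stale duplicate) is reported as a warning rather than silently ignored.
    """
    warnings = []
    found = {}
    for rrtype in (TYPE_SPF, TYPE_TXT):
        texts = [parse_character_strings(r) for r in rrsets.get(rrtype, [])]
        spf_texts = [t for t in texts if is_spf_record(t)]
        if len(spf_texts) > 1:
            raise ValueError(f"PermError: multiple v=spf1 records of type {rrtype}")
        if spf_texts:
            found[rrtype] = spf_texts[0]
    if not found:
        return None, None, warnings
    if TYPE_SPF in found and TYPE_TXT in found and found[TYPE_SPF] != found[TYPE_TXT]:
        warnings.append("SPF and TXT records disagree; using SPF type per RFC 4408")
    chosen = TYPE_SPF if TYPE_SPF in found else TYPE_TXT
    return found[chosen], chosen, warnings


def cstr(*parts: str) -> bytes:
    """Encode one RDATA blob from one or more character-strings (test helper)."""
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts)


# Constructed sample data under hypothetical names, shaped as a resolver would return it.
SAMPLE_ZONES = {
    "agree.example": {TYPE_SPF: [cstr("v=spf1 mx -all")],
                      TYPE_TXT: [cstr("v=spf1 mx -all")]},
    "stale.example": {TYPE_SPF: [cstr("v=spf1 mx -all")],
                      TYPE_TXT: [cstr("v=spf1 mx ip4:192.0.2.0/24 -all")]},
    "txtonly.example": {TYPE_TXT: [cstr("v=spf1 a -all"), cstr("unrelated verification token")]},
    "split.example": {TYPE_TXT: [cstr("v=spf1 ip4:192.0.2.1 ", "ip4:198.51.100.1 -all")]},
    "dup.example": {TYPE_TXT: [cstr("v=spf1 a -all"), cstr("v=spf1 mx -all")]},
}


def lookup(name: str):
    """Select the SPF record for a sample name; raises ValueError on PermError."""
    return select_spf_record(SAMPLE_ZONES[name])


if __name__ == "__main__":
    for name in SAMPLE_ZONES:
        try:
            print(name, lookup(name))
        except ValueError as exc:
            print(name, exc)
```

Running the block prints one line per sample name; stale.example shows the warning path, and dup.example shows the PermError that two v=spf1 TXT records trigger.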