Re: [dnsext] getting people to use new RRTYPEs

Douglas Otis <doug.mtview@gmail.com> Fri, 26 April 2013 04:58 UTC

Return-Path: <doug.mtview@gmail.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D205A21F86D9 for <dnsext@ietfa.amsl.com>; Thu, 25 Apr 2013 21:58:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vmEOSScbo6hG for <dnsext@ietfa.amsl.com>; Thu, 25 Apr 2013 21:58:18 -0700 (PDT)
Received: from mail-ee0-f41.google.com (mail-ee0-f41.google.com [74.125.83.41]) by ietfa.amsl.com (Postfix) with ESMTP id D177721F8546 for <dnsext@ietf.org>; Thu, 25 Apr 2013 21:58:17 -0700 (PDT)
Received: by mail-ee0-f41.google.com with SMTP id c50so1191415eek.14 for <dnsext@ietf.org>; Thu, 25 Apr 2013 21:58:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:content-type:mime-version:subject:from:in-reply-to:date :cc:content-transfer-encoding:message-id:references:to:x-mailer; bh=vEQ0z1B0togGqDrRKUNUgNaZdVGztCvW7+kfLwO9b+o=; b=Uw9hlAJ4u6Io/ChrZbwIvvDr5ie38fP73ysDjymBc/kDUQBoRy9B0wDJUOX2AIsBmK QggyqTI5iic++rH7R3fiO1tRF/cb63uSeZiuiBB38/3KDFneWj6q2PtPgEM9tx0ktrgj fS6I/m/KtuRolTFtgMsSfEWdFiYqa+w+USpiSIWpSvV8psO0yuA6ae9A9thFw32HQmPc ZliamO1T0AwepDA/7S/eNvu+wTpxucmtCmKiyK9ZZ1kDPe1IlkofqNO6rGSaMOkf9UhX NATH9wRkCyL2AURqrUea2ERW6cBOWNcaE1bRvgq0BE5MyP9ju29GQelwmqYHVfVVuL08 wkPg==
X-Received: by 10.14.104.6 with SMTP id h6mr38592170eeg.5.1366952297047; Thu, 25 Apr 2013 21:58:17 -0700 (PDT)
Received: from [192.168.1.194] (c-24-4-157-244.hsd1.ca.comcast.net. [24.4.157.244]) by mx.google.com with ESMTPSA id j43sm13870494eep.4.2013.04.25.21.58.15 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 25 Apr 2013 21:58:16 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\))
From: Douglas Otis <doug.mtview@gmail.com>
In-Reply-To: <517A0127.4080806@dougbarton.us>
Date: Thu, 25 Apr 2013 21:58:12 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <853014EA-E5C6-429B-AEF4-A6E794FE688E@gmail.com>
References: <20130426034321.68173.qmail@joyce.lan> <517A0127.4080806@dougbarton.us>
To: Doug Barton <dougb@dougbarton.us>
X-Mailer: Apple Mail (2.1503)
Cc: dnsext@ietf.org
Subject: Re: [dnsext] getting people to use new RRTYPEs
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Apr 2013 04:58:19 -0000

On Apr 25, 2013, at 9:23 PM, Doug Barton <dougb@dougbarton.us> wrote:

> On 04/25/2013 08:43 PM, John Levine wrote:
>>>> 1. Insert the ability into the interface to add freeform stuff
>>>> 2. Run the equivalent of named-checkzone prior to committing the change
>>>> 3. Profit!
>> 
>> I don't know whether to laugh or cry.
>> 
>> No, this won't work with provisioning systems in the real world, that
>> have to be usable by people who are not DNS weenies, and work in
>> systems where the software upgrade cycle is months or years, not days.
> 
> Once again, I know that you want to promote your solution for this problem. That's fine, but that doesn't mean that it's the only solution, or even the best one. What I proposed would work "forever." There is no doubt that it requires more DNS knowledge, but most non-experts entering "special" or "custom" DNS are doing cut and paste anyway.

Doug,

To be fair, a significant barrier was the Windows corporate environment translating DNS to RPC with a limited template set.  As it turns out, use of the SPF protocol at the MUA is fairly limited.  While overlaying TXT RRs is bad, these also offer policy for any domain or subdomain.  Some may simply wildcard TXT records and create problems for other protocols using these records.  One of the original motivations for overlaying TXT was to permit wildcard use.

IMHO, the high overhead associated with the SPF scheme as IPv6 is deployed seems to ensure a more scalable and safer cryptographic scheme is a likely replacement using standard RRs.  Nothing needed for IPv6 is really being solved using SPF or DKIM.  Currently DKIM is easily spoofed just as Hector demonstrated many years ago.  Few providers are willing to discard based upon SPF failures, but limit use to vetting NDNs.  Many providers unwilling to run macro expansions should have caused this dangerous scheme to have been discarded long before the type 99 resource allocation based upon the same sort of justifications.

Regards,
Douglas Otis
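Two points in this message are easy to check with a small model of a zone: a wildcard TXT record that is meant to give every subdomain an SPF policy also gets synthesized for names other protocols reserve for their own TXT records (DKIM selectors under _domainkey, the _dmarc name), and an SPF record's cost is dominated by the terms that force the receiver to do further DNS lookups. The following Python is an added illustration, not code from this thread or from any of the participants; the zone contents, names and records in it are constructed, and the lookup routine is a simplified model of RFC 4592 wildcard synthesis and RFC 7208's lookup-counting terms rather than a resolver.

```python
"""Added example: wildcard TXT overlay collisions and SPF lookup-cost accounting.

The zone below is constructed for illustration. Owner names map to a list of
(rrtype, rdata) pairs; the wildcard owner is stored literally as "*.<parent>".
"""
from typing import Dict, List, Tuple

ZONE: Dict[str, List[Tuple[str, str]]] = {
    "example.com": [("TXT", "v=spf1 ip4:192.0.2.0/24 -all"),
                    ("MX", "10 mail.example.com")],
    # Wildcard intended to give every subdomain an SPF policy (the overlay pattern
    # criticised above); it will also answer for _domainkey and _dmarc names.
    "*.example.com": [("TXT", "v=spf1 -all")],
    "mail.example.com": [("A", "192.0.2.25")],
}


def _name_exists(zone: Dict[str, List[Tuple[str, str]]], name: str) -> bool:
    """A name exists if it owns records or is an empty non-terminal (has names below it)."""
    return name in zone or any(owner.endswith("." + name) for owner in zone)


def lookup(zone: Dict[str, List[Tuple[str, str]]], qname: str, qtype: str):
    """Answer a query with simplified RFC 4592 wildcard synthesis.

    Returns (rdata list, source) where source is 'exact' (name exists, possibly
    with no data of that type), 'wildcard' (synthesized) or 'none' (NXDOMAIN).
    """
    if _name_exists(zone, qname):
        return [rd for t, rd in zone.get(qname, []) if t == qtype], "exact"
    labels = qname.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if _name_exists(zone, encloser):          # closest encloser found
            wild = "*." + encloser
            if wild in zone:
                return [rd for t, rd in zone[wild] if t == qtype], "wildcard"
            break                                 # no wildcard at the encloser
    return [], "none"


def classify_txt(rdata: str) -> str:
    """Guess which protocol a TXT string belongs to from its leading version tag."""
    tokens = rdata.split()
    head = tokens[0].lower() if tokens else ""
    if head == "v=spf1":
        return "spf"
    if head.startswith("v=dkim1"):   # DKIM key records start "v=DKIM1;"
        return "dkim"
    if head.startswith("v=dmarc1"):  # DMARC policy records start "v=DMARC1;"
        return "dmarc"
    return "other"


def txt_audit(zone: Dict[str, List[Tuple[str, str]]], qname: str) -> Tuple[str, str]:
    """Report what a TXT query for qname would return: (classification, source)."""
    rdatas, source = lookup(zone, qname, "TXT")
    return (classify_txt(rdatas[0]) if rdatas else "empty", source)


# Mechanisms/modifiers that cost a DNS lookup under RFC 7208 section 4.6.4.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists"}
LOOKUP_LIMIT = 10


def spf_cost(record: str) -> Dict[str, object]:
    """Count lookup-consuming terms in an SPF record and flag macro expansion use."""
    lookups = 0
    for term in record.split()[1:]:            # skip the "v=spf1" version tag
        term = term.lstrip("+-~?")             # strip the qualifier, if any
        if term.lower().startswith("redirect="):
            lookups += 1
            continue
        name = term.split(":", 1)[0].split("/", 1)[0].lower()
        if name in LOOKUP_TERMS:
            lookups += 1
    return {"lookups": lookups,
            "over_limit": lookups > LOOKUP_LIMIT,
            "uses_macros": "%{" in record}


if __name__ == "__main__":
    for name in ("example.com", "mail.example.com",
                 "sel._domainkey.example.com", "_dmarc.example.com"):
        print(name, "->", txt_audit(ZONE, name))
    heavy = ("v=spf1 include:_spf.example.net include:mail.example.org a mx ptr "
             "exists:%{i}.spf.example.net redirect=_spf.example.org")
    print(spf_cost(heavy))
```

Running the block shows the collision: a TXT query for sel._domainkey.example.com or _dmarc.example.com is answered from the wildcard with an SPF string, so a DKIM or DMARC verifier finds a record of the wrong protocol instead of NXDOMAIN, while mail.example.com (an existing name) correctly gets an empty TXT answer rather than the wildcard. The cost function makes the overhead argument concrete: each include, a, mx, ptr, exists and redirect term is one more DNS round trip for every receiver evaluating the record.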