Re: [dnsext] Obsoleting SPF RRTYPE

"John R Levine" <johnl@taugh.com> Thu, 25 April 2013 14:44 UTC

Date: Thu, 25 Apr 2013 10:44:52 -0400
Message-ID: <alpine.BSF.2.00.1304251030380.65043@joyce.lan>
From: John R Levine <johnl@taugh.com>
To: Patrik Fältström <paf@frobbit.se>
In-Reply-To: <BB8C643A-FC46-4B2F-B677-F1B7CAB0E79F@frobbit.se>
References: <20130425013317.36729.qmail@joyce.lan> <80ADB3EE-17FD-4628-B818-801CB71BCBFE@virtualized.org> <BB8C643A-FC46-4B2F-B677-F1B7CAB0E79F@frobbit.se>
Cc: "dnsext@ietf.org Group" <dnsext@ietf.org>
Subject: Re: [dnsext] Obsoleting SPF RRTYPE

>>> Once again, the huge practical barriers to deploying new RRTYPEs made the SPF RR dead on arrival.
>
> John, I completely disagree, as you know, with this statement. What 
> killed SPF RR was the introduction of the TXT kludge for SPF.

You're confusing cause and effect.  For one thing, back in 2004-2005 
getting a new RR type allocated was so painful that it wasn't worth the 
effort when they were trying out SPF.  I realize this problem has been 
somewhat alleviated.

The much more serious reason is that the provisioning systems to let 
system managers install type 99 records into their DNS did not exist, and 
for the most part still do not exist.  I know a lot of the people who did 
early SPF installations and they uniformly reported that even getting the 
provisioning software to support TXT records that have been around since 
the dawn of the DNS was painful, and there would have been no hope for a 
new and exotic record type.  Since their goal was to make SPF actually 
work, they used a kludge.  It's the same reason DKIM uses TXT records.

>> Yes, the ossification of the DNS makes introducing new things 
>> challenging however as Mark pointed out, software was beginning to do 
>> the right thing and there actually are web interfaces out there that 
>> let folks enter SPF records (I use one).

Wow, and it's only taken eight fripping years.  Perhaps if we wait another 
century the provisioning systems will catch up.  If the DNS crowd spent 
half the effort addressing the provisioning problem that you do trying to 
deny that it exists, it'd have been fixed years ago.  My dnsextlang 
proposal is one approach, but surely not the only one.

In any event, the SPF draft is in WGLC.  Feel free to read the extensive 
discussion in the list archives and let them know how you feel.

R's,
John

PS: The system that lets you enter SPF records wouldn't be Godaddy, would 
it?  If so, create an SPF record, then do a dig and try to find it.
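The check John suggests in his PS (publish an SPF record through a provisioning system, then query the DNS to see what actually appeared) can be scripted. The example below is added here and is not from the thread: it compares the v=spf1 policy found in a domain's TXT rdata with the one found in its type 99 (SPF) rdata, applying the RFC 4408 rule that when both types exist their content must be identical. The inputs are constructed sample rdata in the shape `dig +short` prints them, and the function names are mine.

```python
from typing import List, Sequence, Tuple, Optional


def join_rdata(rdata: Sequence[str]) -> str:
    """A TXT/SPF rdata is one or more <character-string>s; RFC 4408 s3.1.3
    says they are concatenated without separators to form the record."""
    return "".join(rdata)


def spf_policies(rrset: Sequence[Sequence[str]]) -> List[str]:
    """Return the records in an rrset that carry the SPF version tag.
    The tag is 'v=spf1' terminated by a space or end of record, so a record
    starting 'v=spf10' is discarded (RFC 4408 s4.5); compared case-insensitively."""
    found = []
    for rdata in rrset:
        rec = join_rdata(rdata)
        if rec.split(" ", 1)[0].lower() == "v=spf1":
            found.append(rec)
    return found


def check_spf_publication(txt_rrset, spf_rrset) -> Tuple[str, Optional[str]]:
    """Classify how the domain publishes SPF. Returns (status, policy).
    'txt-only' is the TXT kludge the thread discusses; 'spf-only' is type 99
    alone; 'both-differ' violates RFC 4408 s3.1.1 (content MUST be identical);
    'multiple' means more than one v=spf1 record in one RRTYPE (a permerror)."""
    txt = spf_policies(txt_rrset)
    spf = spf_policies(spf_rrset)
    if len(txt) > 1 or len(spf) > 1:
        return "multiple", None
    if not txt and not spf:
        return "none", None
    if txt and not spf:
        return "txt-only", txt[0]
    if spf and not txt:
        return "spf-only", spf[0]
    if txt[0] == spf[0]:
        return "both-identical", txt[0]
    return "both-differ", None


# Constructed sample: the TXT answer carries an SPF policy split across two
# character-strings plus an unrelated token; the type 99 answer is empty,
# which is what a provisioning system that only writes TXT leaves behind.
SAMPLE_TXT = [
    ["v=spf1 ip4:192.0.2.0/24 ", "include:_spf.example.net -all"],
    ["site-verification=placeholder-token"],
]
SAMPLE_SPF: List[List[str]] = []

if __name__ == "__main__":
    print(check_spf_publication(SAMPLE_TXT, SAMPLE_SPF))
```

To run it against a live zone, paste the quoted strings from `dig +short <domain> TXT` and `dig +short <domain> SPF` into the two lists.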