Re: [DNSOP] I-D An Extension to DNS64 for Sender Policy Framework SPF Awareness
John Levine <johnl@taugh.com> Mon, 14 February 2022 18:30 UTC
Date: Mon, 14 Feb 2022 13:30:29 -0500
Message-Id: <20220214183030.B824B372A109@ary.qy>
From: John Levine <johnl@taugh.com>
To: dnsop@ietf.org
Cc: klaus.frank@posteo.de
In-Reply-To: <3e0a6d1d-c9fd-0039-f302-ea3ecc81e329@posteo.de>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/LniU6eV6LPTEUns5NxbbKw3zUX4>

It appears that Klaus Frank <klaus.frank@posteo.de> said:
>I wrote an I-D for updating DNS64 to better work for MTA operators. ...

I strongly oppose this ill-considered proposal.

For one thing, it is very rare for people to try to run mail servers behind DNS64. SPF is fifteen years old, and this is the first time anyone has brought up this issue.

For another, trying to guess which TXT records are SPF records and rewriting them on the fly is unreliable and dangerous. The rewritten record would always be larger than the original. If the rewritten string exceeds the size limit of a text string or txt record, then what?

But most importantly, there is a simple and reliable way to deal with this issue. When an SPF library recognizes a NAT64 address, which it can easily do with the method in RFC 8880, it turns the address back into the equivalent IPv4 address and uses that in the SPF validation. This will always produce the correct result, and needs no change to existing standards.

Having worked on a few SPF libraries, I can say these changes would not be hard for anyone with a modest familiarity with the code.

We've explained this several times already, dunno why we have to do so again.

R's,
John

>Name: draft-frank-dns64-spf-extension
>Revision: 03
>Title: An Extension to DNS64 for Sender Policy Framework SPF
>Awareness
>Document date: 2022-02-14
>Group: Individual Submission
>Pages: 6
>URL: https://www.ietf.org/archive/id/draft-frank-dns64-spf-extension-03.txt
>Status: https://datatracker.ietf.org/doc/draft-frank-dns64-spf-extension/
>Html:
>https://www.ietf.org/archive/id/draft-frank-dns64-spf-extension-03.html
>Htmlized:
>https://datatracker.ietf.org/doc/html/draft-frank-dns64-spf-extension
>Diff: https://www.ietf.org/rfcdiff?url2=draft-frank-dns64-spf-extension-03
>
>Abstract:
>   This document describes interoperability issues and resolutions
>   between DNS64 and SPF records for mail transfer agents. This
>   document also aims to simplify the IPv6 migration for mail transfer
>   agent operators.
>
>   This document updates [RFC6147] and [RFC7208].
>
>
>-=-=-=-=-=-
>[Attachment type=application/pkcs7-signature, name=smime.p7s]
>-=-=-=-=-=-
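
The receiver-side approach described in the message above, sketched as an added example (not part of the original message and not code from any SPF library): the NAT64 prefix is derived from the AAAA answers for `ipv4only.arpa` (RFC 7050/RFC 8880), the embedded IPv4 address is recovered using the RFC 6052 layouts, and that address is what the `ip4:` mechanisms are checked against. All function names, the toy `ip4_pass` evaluator and the sample data are assumptions made for illustration; a real resolver lookup is replaced by constructed answers so the block runs offline.

```python
import ipaddress

# RFC 7050 well-known IPv4 addresses that ipv4only.arpa always resolves to.
WKA = {ipaddress.IPv4Address("192.0.0.170"), ipaddress.IPv4Address("192.0.0.171")}
# RFC 6052 section 2.2: prefix length -> byte positions of the embedded IPv4
# octets inside the 16-byte IPv6 address (byte 8, the "u" octet, is skipped).
V4_BYTES = {32: (4, 5, 6, 7), 40: (5, 6, 7, 9), 48: (6, 7, 9, 10),
            56: (7, 9, 10, 11), 64: (9, 10, 11, 12), 96: (12, 13, 14, 15)}

def extract_v4(addr6, plen):
    """Recover the IPv4 address embedded in addr6 for a NAT64 prefix of plen bits."""
    raw = addr6.packed
    return ipaddress.IPv4Address(bytes(raw[i] for i in V4_BYTES[plen]))

def discover_prefixes(aaaa_answers):
    """Derive the local NAT64 prefix(es) from the AAAA answers for ipv4only.arpa."""
    found = set()
    for text in aaaa_answers:
        addr = ipaddress.IPv6Address(text)
        for plen in V4_BYTES:
            if extract_v4(addr, plen) in WKA:
                found.add(ipaddress.IPv6Network((int(addr), plen), strict=False))
                break
    return found

def spf_client_ip(conn_ip, prefixes):
    """Address to evaluate SPF against: the embedded IPv4 if conn_ip is a NAT64 address."""
    ip = ipaddress.ip_address(conn_ip)
    for net in prefixes:
        if ip in net:
            return extract_v4(ip, net.prefixlen)
    return ip

def ip4_pass(record, ip):
    """Toy evaluator (hypothetical): True if any ip4: mechanism in the record covers ip."""
    nets = [ipaddress.ip_network(t.lstrip("+")[4:], strict=False)
            for t in record.split() if t.lstrip("+").startswith("ip4:")]
    return any(ip in n for n in nets)

# Constructed sample data (documentation ranges and the well-known NAT64 prefix).
AAAA_IPV4ONLY = ["64:ff9b::c000:aa", "64:ff9b::c000:ab"]
RECORD = "v=spf1 ip4:192.0.2.0/24 -all"
CONN = "64:ff9b::c000:205"   # 192.0.2.5 as seen through NAT64

if __name__ == "__main__":
    prefixes = discover_prefixes(AAAA_IPV4ONLY)
    print(ip4_pass(RECORD, ipaddress.ip_address(CONN)))     # raw NAT64 address
    print(ip4_pass(RECORD, spf_client_ip(CONN, prefixes)))  # after translation
```

Addresses outside the discovered prefix, whether native IPv6 or plain IPv4, are returned unchanged, so the normal `ip6:` and `ip4:` checks still apply to them.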