Re: [spfbis] Last Call: <draft-ietf-spfbis-experiment-09.txt> (Resolution of The SPF and Sender ID Experiments) to Informational RFC

S Moonesamy <> Mon, 04 June 2012 20:03 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4232621F8863; Mon, 4 Jun 2012 13:03:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -102.563
X-Spam-Status: No, score=-102.563 tagged_above=-999 required=5 tests=[AWL=0.036, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id NSOb5R+Ft89f; Mon, 4 Jun 2012 13:03:15 -0700 (PDT)
Received: from ( [IPv6:2001:470:f329:1::1]) by (Postfix) with ESMTP id 2D60321F885D; Mon, 4 Jun 2012 13:03:15 -0700 (PDT)
Received: from ([]) (authenticated bits=0) by (8.14.5/8.14.5) with ESMTP id q54K300r028294 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 4 Jun 2012 13:03:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=mail2010; t=1338840192;; bh=jgJ4GK3RifTXHUyRTpXoKIUeVVMsZLkOutPbx2LraFI=; h=Date:To:From:Subject:Cc:In-Reply-To:References; b=1moC9XRmXWQTvE1mFV8KJf3y2Asihbv6cAILxHCs1fUpneGOC9B/QepKCQ5k++1ee 77O/V4dQELuMh0Ff/kZUHumnEtKgZNkdf65E8PwvhiIyoiF3hqx/Fp5E5MqnsVWeji r88T7oCuQxGkepuHazewFgd0XczJkir17Qb0DUek=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=mail; t=1338840192;; bh=jgJ4GK3RifTXHUyRTpXoKIUeVVMsZLkOutPbx2LraFI=; h=Date:To:From:Subject:Cc:In-Reply-To:References; b=uVvSDxqOBb6gNnpXa5TwebcWH1ors65C+UmedGsmN4yqWJAEi+a1iDvyqX86BAM8k /k3tv6EoI0a0RVgimerWPXBytTPp72/LiV46RrtOjuGlmBh/udHY/vBICehBM4zwK9 xJRH6459PC5LUCwJCCoPDvME1zQJmwRuB+bYgknY=
Message-Id: <>
X-Mailer: QUALCOMM Windows Eudora Version
Date: Mon, 04 Jun 2012 12:59:58 -0700
To: Arthur Thisell <>
From: S Moonesamy <>
Subject: Re: [spfbis] Last Call: <draft-ietf-spfbis-experiment-09.txt> (Resolution of The SPF and Sender ID Experiments) to Informational RFC
In-Reply-To: < .com>
References: <>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Mailman-Approved-At: Tue, 05 Jun 2012 09:29:43 -0700
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 04 Jun 2012 20:03:18 -0000

Hi Arthur,
At 11:56 04-06-2012, Arthur Thisell wrote:
>I have reviewed the last call draft and find it quite acceptable for 

Thanks for the review.

>I realize I've been quite lax in following this WG lately and I 
>should posted comments earlier.  In hind sight, I doubt any comments 
>I would have made would have made any significant improvements to 
>the draft, it turned out just fine without me.
>That said, here are a few comments...
>1) It was never clear to me why the IESG declared these MARID drafts 
>as being experimental.   Besides the possible confusion between 
>interpreting records as both SPF and Sender ID, I was under the 
>impression that the IESG wasn't sure if these proposals would help 
>or hurt email in general, whether they would damage the function of 
>the DNS, and whether it was appropriate to let individual 
>submissions (the WG concluded without any approved IDs) to be other 
>than experimental or informational.  I'm not sure that there is much 
>point in speculating what the IESG thought, but this draft seems to 
>concentrate on only the SPF v Sender ID conflicts.

The second paragraph of Section 1 of draft-ietf-spfbis-experiment-09 
discusses about the publication status.

>2) I always thought that the type 99 transition plan was faulty, but 
>I could not think of anything better.   This draft glosses over some 
>key points about why it ended up with the transition plan that it did.
>* First, no one could come up with an example of a successful 
>transition where the original had significant deployment (like the 
>TXT records did) and the new version had no significant advantages 
>(the type 99 was exactly the same as TXT, other than theoretical 
>elegance.)  Even MX records still fall back to A records.
>* Jim and Harry from Microsoft expressed very strong objections to 
>any requirement that type 99 records MUST be checked.   Their 
>explanation was that apparently some MS applications used an API to 
>ask about DNS records, my impression was that this API worked 
>transparently on things like netware and their active directory and 
>such too.   No port 53 communication was done via this API, indeed, 
>port 53 was often explicitly blocked at the firewall so clients 
>couldn't even get around using this API if the wanted to.  This API 
>supported a very limited set of DNS records, TXT being one of them, 
>but had zero support for new/unknown record types.   Not only did 
>the then current version of that API have no way of querying type 99 
>records, the next version had been put into feature freeze, and the 
>version after that had no plans on adding such support.
>In short, if the RFCs required checking type 99 records, MS could 
>not produce implementations that could be standard compliant.  They 
>were willing to compromise on many things, but this wasn't one of them.
>On the other hand, people in the MARID WG objected to any 
>requirement to check TXT records, arguing that doing so would hinder 
>the transition to type 99 records since people could just publish 
>TXT records and know that they would always work.

According to the SPFBIS Charter the following is out-of-scope:

     "Revisiting past technical arguments where consensus was reached in
      the MARID working group, except where review is reasonably
      warranted based on operational experience."

The working group followed what was in the charter.

>So, the result was:
>* the RFC MUST NOT require checking type 99 records, or it would 
>lose support of MS.
>* the RFC MUST allow the checking of type 99 records, otherwise no 
>migration would be possible.
>* the RFC MUST NOT require checking of TXT records, or it would lose 
>support of IETF players and hinder migration.
>* the RFC MUST allow the checking of TXT records, otherwise you 
>would lose a large install base.
>I, and others, were quite aware at the time that the language put 
>into the RFC would make it so compliant implementations might not be 
>able to communicate with compliant publishers.  No one came forward 
>with better language.  I felt that as long as TXT could be used, 
>noting else was likely to matter.
>Hindsight is 20/20 and positions appear to have softened over the 
>years.  Things like DKIM managed to get by with much less 
>handwringing and I suspect if SPF was done today, known-bogus 
>language like this wouldn't have made it into the draft.

There were discussions about this issue on the WG mailing list and 
during last IETF meeting ( ).

The matter was noted in the Write-up:

   The discussions about the RRTYPE 99 DNS Resource Record were controversial.
   The issue was resolved.

S. Moonesamy (as document shepherd)