Re: [Uta] Comments on draft-ietf-uta-mta-sts-03

Alberto Bertogli <albertito@blitiri.com.ar> Tue, 28 February 2017 21:02 UTC

Date: Tue, 28 Feb 2017 21:02:18 +0000
From: Alberto Bertogli <albertito@blitiri.com.ar>
To: Daniel Margolis <dmargolis@google.com>
Cc: Jim Fenton <fenton@bluepopcorn.net>, "uta@ietf.org" <uta@ietf.org>

On Thu, Feb 23, 2017 at 11:01:18PM +0200, Daniel Margolis wrote:
> > 3.1. MTA-STS TXT records
> >
> > There is no IANA registry for reserved hostnames, which is why protocols
> > like SPF store their policies at the domain itself. Is there some reason
> > this is not being done here? The version field can be used to
> > distinguish from SPF records and other TXT records at the domain level.
> >
> 
> This is reasonable, but note that we still require the special hostname for
> the HTTPS host (necessary since some domains will not want to host the
> HTTPS endpoint at the top-level); reusing it for the TXT record seems
> reasonable, no? I'm not wedded to this, but I would avoid unnecessary
> changes unless there's a good reason at this point. Is the risk of
> collision with a pre-existing record high? I would think not.
> 
> (I'm lazy here because we already have various code that refers to this
> record name, and already changed it between version 2 and version 3 of the
> draft...)

For what it's worth, as one of the persons who suggested the removal of
the "_" previously (and I'm sorry I didn't realize the problem with the
CNAMEs!), having the TXT at the top level sounds nice to me, pretty much
for the same reasons mentioned before (makes deployment easier).

It has the additional nicety that SPF and friends are also expected to
be at the top level.  None of this is crucial, but anyway :)

Thanks!
		Alberto
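As an added illustration (not code from this thread or from any MTA-STS implementation) of the point both messages rely on: if the TXT record lives at the domain apex next to SPF and other records, a receiver selects it purely by its version tag. The `v=STSv1` and `id` tag names and the sample records are assumptions constructed for this example; a receiver treating "not exactly one matching record" as "no policy" is the conservative choice, since guessing between two policies gives an attacker control over which one applies.

```python
# Constructed apex TXT records for a hypothetical domain: an SPF record,
# an unrelated verification token, and an MTA-STS record. The "v=STSv1"
# tag name is an assumption for this example, not taken from the thread.
APEX_TXT_RECORDS = [
    "v=spf1 mx -all",
    "some-site-verification=abc123",
    "v=STSv1; id=20170228T210218;",
]


def parse_tags(record):
    """Split a 'k=v; k=v' style TXT record into a dict of lowercased keys.

    Fields without '=' (and empty trailing fields) are ignored so that
    records such as SPF, which are not tag/value lists, parse harmlessly.
    """
    tags = {}
    for field in record.split(";"):
        field = field.strip()
        if not field or "=" not in field:
            continue
        key, value = field.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def find_mta_sts_record(txt_records):
    """Pick the MTA-STS record out of all TXT records at one name.

    The version tag alone distinguishes it from SPF and other TXT data at
    the same owner name. Returns the record's tags, or None when there is
    not exactly one matching record or the record lacks an 'id' tag: a
    receiver should then fall back to "no policy" rather than guess.
    """
    matches = [tags for tags in map(parse_tags, txt_records)
               if tags.get("v") == "STSv1"]
    if len(matches) != 1:
        return None
    tags = matches[0]
    if not tags.get("id"):
        return None
    return tags


if __name__ == "__main__":
    print(find_mta_sts_record(APEX_TXT_RECORDS))
```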