
Re: DEPLOY: Over-running TXT dataspace in FQDN (-protocol I believe)

2004-08-27 06:56:38


On Fri, 27 Aug 2004, David Blacka wrote:

> On Thursday 26 August 2004 7:07 pm, william(at)elan.net wrote:
>
> > In case we decide to have the main record be located within a subdomain prefix
> > depending on the identity, then in order to achieve the same effect with
> > wildcards, we'd still have to place the record in the root of the domain, i.e.
> >  a._marid_pra.example.com. IN TXT "v=spf1 ip4:192.168.0.0/16 ~all"
> >  *.example.com.            IN TXT "v=spf1 ip4:10.0.0.0/8 ~all"
>
> You seem to be discussing a plan that I, at least, have not seen before.  All
> of the discussion that I have seen has been about actual *prefixes*, which
> isn't what you are showing here.

My mistake, that example was supposed to be
   _marid_pra.a.example.com. IN TXT "v=spf1 ip4:192.168.0.0/16 ~all"
   *.example.com.            IN TXT "v=spf1 ip4:10.0.0.0/8 ~all"

> To put this another way: clients, when querying for a TXT record using a
> prefix scheme MAY get back TXT records for different protocols and scopes,
> and must be able to pick the correct record from the set.

Yes, exactly.

> > In my view this makes wildcards are bad choice for achieving scoping and
                          ^-- another typo, should have been subdomain/prefix
> > identity separation. That is unless we decide that we don't need to support
> > wildcards at all and in that case to avoid problems (as some will still
> > do it seeing how it's possible), the document would have to specifically
> > say that you CAN NOT use wildcards or CAN NOT place records in anything
> > but the specified scope/identity prefix.
>
> What you are seeing is that prefixes (or subdomains, whatever) are a bad
> choice for *solely* dealing with scoping and identity separation.

Basically I'm saying that we can not rely on using prefixes for scoping
separation unless we're certain that no wildcard records would exist
(which is probably an impossible assumption); otherwise we have a
problem with different scoping records that use wildcards and we can not
distinguish between them. And since we can not achieve scoping by using the
prefix/subdomain system on its own, we have to include a scoping identifier
in the data part. But then we might as well just rely on the data part and
create an appropriate and extendable scoping system there.

-- 
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
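The situation the two of them are describing, as an added example that is not part of the thread: a constructed zone holding the two records from the corrected example (one explicit record under a `_marid_pra` prefix, one wildcard at the zone root), a simplified resolver implementing the RFC 1034/4592 closest-encloser rule for wildcards, and a client that only trusts the prefix when the answer came from that exact owner, falling back to a scope tag in the data part when a wildcard answered. The scope policy (`v=spf1` taken as mfrom-only, `spf2.0/<scopes>` listing scopes, the latter being the tag syntax Sender ID later adopted) is an assumption made for the demo, as are the host names and addresses.

```python
"""Added example (not from the thread): simulate the prefix-vs-wildcard problem.

The zone below is constructed to match the records in the message: one
explicit PRA record under a _marid_pra prefix and a wildcard TXT record at the
zone root. Wildcard matching follows the RFC 1034/4592 closest-encloser rule in
simplified form; the scope tags are a constructed policy for the demo.
"""
from __future__ import annotations

# Constructed zone data: owner name -> TXT strings.
ZONE: dict[str, list[str]] = {
    "_marid_pra.a.example.com.": ["v=spf1 ip4:192.168.0.0/16 ~all"],
    "*.example.com.": ["v=spf1 ip4:10.0.0.0/8 ~all"],
}

# Same zone, but the wildcard carries its scopes in the data part
# (spf2.0/<scopes> is illustrative here; it is the tag syntax Sender ID later used).
ZONE_TAGGED: dict[str, list[str]] = {
    "_marid_pra.a.example.com.": ["v=spf1 ip4:192.168.0.0/16 ~all"],
    "*.example.com.": ["spf2.0/pra,mfrom ip4:10.0.0.0/8 ~all"],
}


def name_exists(zone: dict[str, list[str]], name: str) -> bool:
    """A name exists if it owns records or is an ancestor of an owner
    (an "empty non-terminal"); an existing name blocks wildcard synthesis."""
    return any(owner == name or owner.endswith("." + name) for owner in zone)


def lookup_txt(zone: dict[str, list[str]], qname: str) -> tuple[str | None, list[str]]:
    """Return (owner that answered, TXT strings).

    An exact owner wins. Otherwise find the closest encloser (the longest
    existing ancestor of qname); only a '*' child of *that* name may answer.
    """
    if qname in zone:
        return qname, list(zone[qname])
    labels = qname.rstrip(".").split(".")
    for i in range(1, len(labels)):
        ancestor = ".".join(labels[i:]) + "."
        if name_exists(zone, ancestor):
            wildcard = "*." + ancestor
            if wildcard in zone:
                return wildcard, list(zone[wildcard])
            return None, []  # closest encloser has no wildcard child: NXDOMAIN
    return None, []


def select_for_scope(txts: list[str], scope: str) -> list[str]:
    """Pick the records whose data part declares the requested scope.

    Constructed policy: a bare 'v=spf1' record is taken as mfrom-only; an
    'spf2.0/<scope>,<scope>' record lists its scopes explicitly.
    """
    chosen = []
    for txt in txts:
        tag = txt.split(" ", 1)[0]
        if tag == "v=spf1":
            scopes = {"mfrom"}
        elif tag.startswith("spf2.0/"):
            scopes = set(tag[len("spf2.0/"):].split(","))
        else:
            continue  # some other protocol's TXT record sharing the name
        if scope in scopes:
            chosen.append(txt)
    return chosen


def resolve_scope(zone: dict[str, list[str]], host: str, scope: str) -> list[str]:
    """Client behaviour the thread calls for: query the prefixed name and trust
    the prefix only when the answer came from that exact owner. An answer
    synthesized from a wildcard could have been published for any scope, so it
    is accepted only if its data part names the scope."""
    qname = f"_marid_{scope}.{host}"
    owner, txts = lookup_txt(zone, qname)
    if owner == qname:
        return txts
    return select_for_scope(txts, scope)


if __name__ == "__main__":
    for zone_name, zone in (("ZONE", ZONE), ("ZONE_TAGGED", ZONE_TAGGED)):
        for host in ("a.example.com.", "b.example.com."):
            for scope in ("pra", "mfrom"):
                print(zone_name, host, scope, resolve_scope(zone, host, scope))
```

Running it shows the point of the thread: `_marid_pra.b.example.com.` is answered by the root wildcard, whose `v=spf1` data says nothing about PRA, so the client has no way to tell whether that record was meant for this scope and rejects it, while the scope-tagged wildcard in `ZONE_TAGGED` is accepted. One further consequence of the closest-encloser rule, which the thread does not spell out: because `_marid_pra.a.example.com.` exists, `a.example.com.` exists as an empty non-terminal, so `_marid_mfrom.a.example.com.` gets NXDOMAIN rather than the root wildcard. A root wildcard stops covering any host that already has one prefixed record.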

