Matthew Elvey <matthew(_at_)elvey(_dot_)com> wrote:
I agree with John Leslie:
Thanks, Matthew.
This functionality is not important or very useful.
I do see some cases where it would be useful to enforce the designation
of all subdomains without their own SRV record as "not-authorized", but
I honestly don't think it's sufficiently important to allow it into the
critical-path to CSV adoption. (Thus, I agree that defining the bit is
a good idea; but I much prefer to leave as "optional" what a particular
receiving SMTP server may do because of it. In fact, IMHO, there will be
many servers which would in fact do nothing about it, even if forced to do
the tree-walk to find it.)
I think folks who think it will help a lot haven't thought it through.
It would not significantly help stop spam, except that it would slightly
help early adopters of checking, and soon after become a useless waste
of effort*. I would not be strongly opposed to an additional draft in
CSV that specifies checks for such a bit be made optional up to a sunset
date, and forbidden after that date.
I don't like this idea at all. Flag-days are _very_ problemmatic in
the Internet. Please just leave it as optional, and (if you must) describe
it as less and less useful in published FAQs.
Using the port field for this new bit sounds fine.
I have no religious objections to using a field other than "weight".
I also support handcuffing Otis and Leslie together until they agree on
whether the bit being 0 (the default) or 1 means subdomains must publish.
Most readers probably lack the context to understand this.
At IETF61, Doug Otis and I clashed spectacularly in a private meeting
where CSV was being discussed, as to whether the bit to be defined should
be one to indicate that subdomains without SRV records are "not-authorized"
or one to indicate that subdomains without SRV records are "unknown
authorization". Doug believed quite strongly that zero should be reserved
for the "safer" case, and that default-not-authorized is "safer". I
argued that it wasn't clear what "safer" really means, but it was clear
that people who have already published according to draft-marid-csv... are
far more likely to have meant that subdomains without SRV records are the
"unknown-authorization" case.
(I'm not sure there's any need to handcuff us anymore. I will report
that Matthew made a Herculean effort to do so at IETF61, and he should
be commended for it.)
If we can't get them to agree, my second choice is to waste bits:
a value of 1 represent subdomains must publish and
a value of 2 represent subdomains may publish...
This was a suggestion (put forth as a joke, I think) by John Levine.
(I did not rule it out, though...)
--
John Leslie <john(_at_)jlc(_dot_)net>