ietf-dkim

RE: SSP RR vs TXT [was Re: [ietf-dkim] SSP and o= values]

2006-03-27 22:17:50
The statement made by Microsoft was that none of the Microsoft DNS servers
have the ability to publish new RRs without breaking the administration
model completely. In particular they have no administration tool for
entering the RRs and no way to save them out.
 
It is possible to enter RR values into the database by non-standard
administration interfaces but not by a method that survives a reboot.
 
Given the amount of disinformation and the refusal of the DNS group to
accept the statements made by Microsoft then I am not too inclined to accept
hearsay statements on the subject now.
 
For deployment of a new RR to be possible it must be supported to production
quality for the platform concerned. On the Windows platform that means that
it has to be possible to enter the RR through the standard administrative
interface. 
 
 
There are a few changes in Windows 2003 R2. In particular the server can be
configured to allow through DNSSEC records from other DNS servers and to
accept zone transfers for unsupported records. I am unable to find a
description of how to enter an unsupported RR through either the command
line or GUI.
 
On the plus side the default UDP packet size is 1260 bytes, not 512. If we
are all so confident that new RRs will work then why does everyone (Olafur
included) pay such strict attention to this particular limit? 
 
I think that what we are seeing here is more wishful thinking by people who
are not going to be damaged by the consequences. If they can get us to make
DKIM dependent on deployment of the infrastructure necessary to support new
RRs then they don't have to do that job. 
 
 
 


  _____  

From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org 
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org]
On Behalf Of Jim Fenton
Sent: Monday, March 27, 2006 11:20 PM
To: Hector Santos
Cc: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: SSP RR vs TXT [was Re: [ietf-dkim] SSP and o= values]


Hector Santos wrote:

----- Original Message -----
From: "Jim Fenton" <fenton(_at_)cisco(_dot_)com>
To: <ietf-dkim(_at_)mipassoc(_dot_)org>

- There is only a small deployment of SSP records at this point
- There are good reasons for going to a new RR
- Unlike key records, there's no way to advertise whether to do a TXT or
  "new RR" query for SSP

it seems like there are good reasons to accelerate the definition and
adoption of a new RR for SSP.  In its most terse form, the "practices"
could mostly be defined as a number of independent, one-bit values.  In
any case, spending a lot of time on a definition that assumes TXT
records doesn't seem productive.

During MARID, it was my understanding that non-Active Directory
versions of Microsoft DNS servers do not support the addition of new RR
records and during MARID this was one primary reason for sticking with TXT
(besides its obvious simplicity).

Is this correct?  If so, is it important?

This is all hearsay, but what I hear is that this problem was corrected in
SP2.

-Jim




_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html