On Sep 22, 2007, at 6:38 PM, Frank Ellermann wrote:
Douglas Otis wrote (2007-07-25 on the DKIM list):
At this point in time, it should be rather rare for incoming SMTP
servers to depend upon an AAAA record for locating their servers.
The DKIM WG should push to have A or AAAA record discovery
deprecated. Deprecating address record discovery techniques will
eventually simplify where policy needs to be published. At some
point in the future, not publishing an MX record for the
originating domain might cause a message to be rejected.
Hi, scanning old messages I saw that you said this more than once
on the DKIM mailing list. I'm also aware that Meng Weng Wong and
others proposed something in this direction on the SPF and MARID
list back in 2004. It's also related to the expired "null-MX" I-D,
and because of that it might affect various "NOMAIL" solutions
(4408 "v=spf1 -all" and Phil's I-D.hallambaker-nomail).
Email policy solutions assume policy can be asserted for parent
domains and all sub-domains. This is done with DNS wildcard records,
by walking some portion of the DNS tree, or checking for discovery
records. Any existing node within DNS prevents synthesis of a DNS
wildcard policy record. As such, either the domain tree must be
walked, a policy record needs to be published at every existing node,
or at every possible discovery record. Publishing a policy record
adjacent to every existing node will be difficult to manage. Walking
even a small portion of the label tree might negatively impact SLD
and TLDs. The level of impact would depend upon consistency of the
implementation of the negative caching of the missing address record
transactions. Some domains disable negative caching for faster
transient error recovery.
I'm not strictly against it, quite the contrary. *But* AFAIK it's
not planned to remove the "A fallback" from 2821bis, in fact
2821bis will augment all discussions of A records with AAAA for
IPv6 compatibility.
AAAA record discovery could be excluded in 2821bis and require the
use of MX records. One solution for resolving whether email policy
might apply can then be validated by discovering an MX record. At
some point, even A records for discovery should be deprecated. The
presence of address records should not necessitate the publishing
of email policy.
If you and others feel that the no-MX fallback should be limited to
IPv4 in 2821bis, as it arguably is in 2821, then please say so on
the SMTP list. Fixing the SMTP spec. for IPv6-only senders is
something between tricky and impossible, and your proposal could
shift this task from impossible towards tricky.
The impact of the deprecation would not cause discovery to fail, as A
records could still be used. The impact would likely be felt when
acceptance of a message fails due to the lack of an MX record.
Systems sending diagnostic messages within an organization might be
white-listed to alleviate the publishing of an MX record. Often,
these systems are not intended to communicate with some random set of
domains.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
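
The wildcard limitation discussed in the message above, as an added example that is not part of the original thread: a small offline model of RFC 4592 wildcard synthesis showing that existing nodes block a wildcard policy record, and how many names are left without policy under A/AAAA/MX discovery versus MX-only discovery. The zone contents, the placeholder TXT "policy" record, and the function names are constructed assumptions.

```python
# Constructed zone for illustration: owner name -> {rrtype: rdata}.
APEX = "example.com"
ZONE = {
    "example.com": {"MX": "10 mail.example.com", "TXT": "policy"},
    "*.example.com": {"TXT": "policy"},  # wildcard policy record (placeholder)
    "mail.example.com": {"A": "192.0.2.1"},
    "www.example.com": {"A": "192.0.2.2", "AAAA": "2001:db8::2"},
    "a.lab.example.com": {"A": "192.0.2.3"},
}

def existing_names(zone):
    """Owner names plus empty non-terminals (ancestors of owner names)."""
    names = set()
    for owner in zone:
        labels = owner.split(".")
        for i in range(len(labels)):
            name = ".".join(labels[i:])
            if name == APEX or name.endswith("." + APEX):
                names.add(name)
    return names

def lookup(zone, qname, rrtype):
    """Answer a query at or below APEX with RFC 4592 wildcard synthesis."""
    names = existing_names(zone)
    if qname in names:  # an existing node is never covered by a wildcard
        rdata = zone.get(qname, {}).get(rrtype)
        return ("NOERROR", rdata) if rdata else ("NODATA", None)
    encloser = qname
    while encloser not in names:  # strip labels up to the closest encloser
        encloser = encloser.split(".", 1)[1]
    wildcard = zone.get("*." + encloser)
    if wildcard is None:
        return ("NXDOMAIN", None)
    rdata = wildcard.get(rrtype)
    return ("NOERROR", rdata) if rdata else ("NODATA", None)

def uncovered(zone, discovery_types, policy_type="TXT"):
    """Discoverable names whose policy lookup returns no policy record."""
    return sorted(
        name for name, rrs in zone.items()
        if not name.startswith("*.")
        and any(t in rrs for t in discovery_types)
        and lookup(zone, name, policy_type)[0] != "NOERROR"
    )

if __name__ == "__main__":
    print(lookup(ZONE, "new.example.com", "TXT"))   # wildcard synthesised
    print(uncovered(ZONE, {"A", "AAAA", "MX"}))     # address-record discovery
    print(uncovered(ZONE, {"MX"}))                  # MX-only discovery
```

In this constructed zone, every host with an address record needs its own policy record under A/AAAA discovery, while MX-only discovery needs policy only beside the single MX record.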