
Re: revised Proposed Charter

2005-07-27 20:34:26


On Wed, 27 Jul 2005, Arvel Hathcock wrote:

> I should like to ask how querying for TXT records constitutes "using DNS in an incorrect manner".

TXT was an extra record not really for formal "protocol" use, basically a commentary field. The correct way in DNS is to have an RR for the specific use.

> I would also like to understand how DNS software,
> answering queries for TXT records regularly thereby specifically
> functioning as documented, can possibly be construed as "designed
> for a different reason".

You're thinking of software, I'm talking about protocol. The DNS protocol
was designed to provide a link between domain names and the internet routing
system. It's kind of a low-level protocol "under" all other application
protocols but not actually directly part of the routing layer.

> Can you further explain on what ground I should feel justified in second guessing the work product of the DNS effort and instead believe you when

You should not believe me, you should read DNS RFCs and DNS drafts, some
of which I've noted (those by IAB), you should further ask this question
on namedroppers.

> you say that, despite the fact that DNS is advertised to work one way by those who created and endorsed it

It is in fact that design that makes putting a public key in DNS an issue.
The designers did not really see DNS as appropriate for that kind of work.
But why don't you ask the designers yourself - namedroppers is the place.

> , and despite empirical evidence to the contrary as evidenced by millions of SPF and DK records currently extant, nevertheless, DNS can't do the job and we should move on to something else.

First of all, there are no millions of DK records; the number is likely
on the order of several thousand (Wayne was doing testing, he can probably
tell for certain). And as far as SPF goes, almost all SPF records are small - not at all like DK records would be. That does not mean I'm in favor of how SPF
also abuses TXT; a specific RR for it should have been used, and I'm not
at all sure that having mail policies in DNS is the right way to go long-term
(a special policy server would have been better, but that did not happen).

Having tested something that works for you does not necessarily mean it is the right way for the entire internet architecture; that is why there is a
standards body like the IETF that can do cross-area review, and the IAB.

> It's one thing to put a warning that dns-based key publishing may effect the performance and stability of some DNS implementations - this is certainly possible. It's another to try and claim that DNS itself is insufficient to the task.

Choose your terms. I did not say it was insufficient; what I said could
amount to this: that it is dangerous for DNS stability (and not just for
"some DNS implementations") and that there are other options available
that would not have the same problem and have other benefits, such as not being constrained by patents.

> As always, just my opinion.  Your mileage may vary.

The same.

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
