ietf-mxcomp

Re: suggested new RRtype experiment

2004-05-22 23:59:44


On 5/22/2004 10:56 PM, Greg Connor wrote:

> OK, I was half-joking the first time, but it was meant to be a reminder
> that the IN DNS is part of this group's charter.  You are
> describing/advocating something that is outside this group's charter.

http://www.ietf.org/html.charters/marid-charter.html

| It would be useful for those maintaining domains and networks to
| be able to specify that individual hosts or nodes are authorized
| to act as MTAs for messages sent from those domains or networks.
| This working group will develop a DNS-based mechanism for storing
| and distributing information associated with that authorization.
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^

Advocating the use of a ~pointer towards the policy statement instead of
the statement itself is precisely within the charter, as the pointer would
certainly be "associated with" that data.

Anyway, that's how DNS works for every other application. I certainly
can't think of any other usage that treats the resolver as long-term
storage, which is pretty close to the position being advocated with XML
documents: rather than store and track policy data inside the affected and
relevant application like everybody else does, let's just make the
resolver deal with it so we can fetch it on-demand. Free storage!

This is such an architectural can-o-worms it's not even funny. The next
step after this is ACLs, just watch. "We need ACLs for the policy
statement so that different servers get different views of the policy."
Yah, with a per-record ACL syntax, secure replication, authentication and
all of the other baggage too.

After that somebody will get the idea that what we really need is a small,
fast datagram-based naming service that just points to other data and
doesn't mess with the extra features. What should we call it -- something
to do with "domains" and "naming" and "service" maybe.

Look, I'm not advocating anything other than compact data. I'm perfectly
happy with pre-XML SPF (I've been using it for a while), or RMX, or any of
the other similar proposals as long as they commit to a compact encoding.
I like DomainKeys too, but they'd have to store the certs somewhere other
than DNS before I'd back it. Really, this is all I care about.

-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/