ietf-mxcomp

Re: Backward compatibility with deployed SPF records (and choice of domain)

2004-06-26 03:18:10

"Greg" == Greg Connor <gconnor@nekodojo.org> writes:

    Greg> Is this something we need to work on more, or should we
    Greg> leave it like that?  We talked about looking for the
    Greg> "closest SOA name" and looking there, and applying the TXT
    Greg> record at that location to other subdomains that have no TXT
    Greg> of their own.

Oh, it looks like I'm mistaken then: there _is_ a proposal to put
records at the zone apex.  My apologies to the chairs for suggesting
they were mistaken...

    Greg> (I really wish we could go back in time and tell people they
    Greg> need to set up MX records for all deliverable domains and
    Greg> hosts and not fallback to A...  any chance we could declare
    Greg> the fallback-to-A practice deprecated?  It may be officially
    Greg> outside our scope, but it really makes the job of publishing
    Greg> LMAP records a lot harder.)

I think it's still in moderately widespread use, so in keeping with
the philosophy of pragmatism, I think whatever we come up with has to
accept that.

I don't think I'd be happy with a proposal that recommended rejecting
mail from existing zones that neither publish MARID records nor MX
records.  And anything else adds complexity, since you'd have to
figure out in some way whether you were in a MARID-aware subtree of
the DNS before drawing any conclusions from the lack of an MX record.

    Greg> 1c. The group has not agreed on an alternate placement for
    Greg> TXT records other than the label exactly matching the (host
    Greg> part of the) identity being checked.  I.e. a MARID record at
    Greg> example.com does not cover user@www.example.com.

    Greg> That means: the domain owner should create LMAP records for
    Greg> ALL hosts in his domain that have A or MX records.  (Note
    Greg> that a wildcard TXT record does not cover names that have A
    Greg> or MX but no TXT, only names with no defined data at all)

    Greg> Is this something we need to work on more, or should we
    Greg> leave it like that?  We talked about looking for the
    Greg> "closest SOA name" and looking there, and applying the TXT
    Greg> record at that location to other subdomains that have no TXT
    Greg> of their own.

I fear that attempting to tackle this problem may be more than we can
achieve in the timescales.  Unless I'm mistaken, there have not yet
been any IDs submitted to this WG that specify such a solution.  I
agree that it might be a nice feature of a solution, but perhaps it
should be left as an item for future study...?

I think the question should be whether this WG believes that the lack
of such a mechanism will seriously hamper MARID adoption, and whether
there are any obstacles to adding such a mechanism later.  If the
answer to both questions is 'no' then this should probably be left
till later.

    Greg> What would folks in the group think about defining our own
    Greg> prefix like "v=lmap1"?  I think this is only really needed
    Greg> in the off chance that the semantics are different enough
    Greg> for people to notice. 

I think that given draft-mengwonf-spf and draft-ietf-marid check
different identities, the differences are potentially enough for
people to notice.

It might not matter much, but if we don't allow people to publish
records that are _only_ recognized by MARID-compliant systems, then we
could be creating problems that will be difficult to fix later.

On the other hand I suspect that many people will be able to express a
single policy that will be valid for both the MAIL FROM identity used
by SPF and for the PRA identity currently used by the MARID drafts.
In that case I'd hate for people to have to publish the same record
with two different prefixes, since that will increase the size of the
response (at least if the records are put in the same place).  Hence
my proposal.

   -roy
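A toy model, added here and not part of the original thread, of Greg's point 1c and the "closest SOA name" idea: it works out which owner's TXT record (if any) a resolver would return for a given host, given the DNS rule that a wildcard only matches names that have no data of their own, and lists the hosts a zone owner would still have to publish records for. The zone contents and record-type sets are constructed for the example.

```python
# Constructed sample zone for example.com: owner name -> set of record types.
ZONE = {
    "example.com.":       {"SOA", "NS", "MX", "A", "TXT"},
    "www.example.com.":   {"A"},            # A but no TXT
    "mail.example.com.":  {"A", "MX"},      # MX but no TXT
    "lists.example.com.": {"A", "TXT"},     # has its own record
    "*.example.com.":     {"TXT"},          # wildcard record
}

def _parent(name):
    return name.split(".", 1)[1]

def _exists(name, zone):
    # A name exists if it owns records or is an ancestor of one that does
    # (an empty non-terminal); either way no wildcard is synthesized for it.
    return any(n == name or n.endswith("." + name) for n in zone)

def txt_owner(name, zone):
    """Owner whose TXT record answers a query for `name`, or None.
    Follows standard wildcard semantics: names with A/MX but no TXT get
    a no-data answer, not the wildcard (Greg's point 1c)."""
    if _exists(name, zone):
        return name if "TXT" in zone.get(name, ()) else None
    encloser = _parent(name)               # closest existing ancestor
    while not _exists(encloser, zone):
        encloser = _parent(encloser)
    wildcard = "*." + encloser
    return wildcard if "TXT" in zone.get(wildcard, ()) else None

def txt_owner_with_soa_fallback(name, zone):
    """The proposed variant: if no record is found at the host itself,
    apply the TXT record published at the closest ancestor owning an SOA."""
    owner = txt_owner(name, zone)
    if owner is not None:
        return owner
    labels = name.rstrip(".").split(".")
    for i in range(1, len(labels)):
        ancestor = ".".join(labels[i:]) + "."
        if "SOA" in zone.get(ancestor, ()):
            return ancestor if "TXT" in zone[ancestor] else None
    return None

def hosts_needing_records(zone):
    """Names with A or MX data that no TXT record (own or wildcard) covers:
    the list a domain owner must publish records for today."""
    return sorted(n for n, types in zone.items()
                  if not n.startswith("*.") and types & {"A", "MX"}
                  and txt_owner(n, zone) is None)
```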