Re: [spfbis] [dnsext] Obsoleting SPF RRTYPE

2013-05-01 00:04:46
On Tue, Apr 30, 2013 at 12:52 PM, David Conrad <drc(_at_)virtualized(_dot_)org> wrote:

SPF using TXT and hence, SPFBIS forces the uniquification of the DNS
response into the application instead of in the DNS library. Given the
ordering of individual TXT RRs within an RRset is not guaranteed, I suspect
the chances that every application is going to do that parsing correctly are
relatively low (btw, the example in 3.3 in spfbis-14 is a bit misleading:
assuming "second string" is in a separate TXT RR (which is implied), the
concatenation might be "second stringv=spf1 ..... first").  The more
interesting bit is if/when another protocol uses TXT at the same ownername.


Yes, I understand all of that, and I've written code to deal with it.  It's
not rocket science.


The RR has been allocated and it is supported in most DNS servers and
resolver libraries in one form or another.  Provisioning systems take much
longer, but that isn't surprising and shouldn't be an argument to deprecate
(if it is, we might as well close the RRtype registry for new entries).


We're not only talking about provisioning systems here.  We're also talking
about interference with queries and replies at the DNS protocol level.  The
survey work done for RFC6686 showed that something on the order of
thousands of domains in the sample set suffered from this.  It is a very
real issue for a deployed protocol.


In the past, the IETF used to make decisions based on long-term
technical/architectural correctness, even in the face of pragmatic
complications (e.g., the choice to mandate strong crypto despite real world
challenges some companies faced in exporting that crypto in products). In
this particular case, there seems to be an argument to explicitly disallow
the long-term technically/architecturally correct approach because some
folks choose not to add an RR to their zone files or support that RR in
their provisioning systems.  As I said in DNSEXT, this seems like the wrong
approach to me.


All things being equal, I would agree with you.  And if SPF were starting
anew today, I suspect I might have a different opinion.  The question,
then, is the weight of the mitigating circumstances, which obviously the
two communities evaluate quite differently.

-MSK
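
The application-side handling of a TXT RRset discussed in this message, as an added example that is not part of the original thread or either participant's code. It assumes the resolver hands back each TXT RR as a tuple of its character-strings; the name `select_spf`, the sample RRset and the case-insensitive version match are assumptions of this example.

```python
# Constructed sample: each inner tuple is one TXT RR holding its
# character-strings in wire order. RR order within the RRset is arbitrary.
SAMPLE_RRSET = [
    ("second string",),
    ("site-verification=EXAMPLE-PLACEHOLDER",),
    ("v=spf1 ip4:192.0.2.0/24 ", "include:example.net -all"),
]


def select_spf(rrset):
    """Pick the SPF record out of a TXT RRset.

    Returns (result, record): result is "ok", "none" or "permerror";
    record is the reassembled SPF text, or None when result is not "ok".
    """
    candidates = []
    for rr in rrset:
        # Concatenate strings only within a single RR, never across RRs,
        # and without inserting separators. Joining across RRs is what
        # produces output like "second stringv=spf1 ...".
        text = "".join(rr)
        # The version tag must end at a space or at end of record, so
        # "v=spf10" is not an SPF version 1 record.
        head, rest = text[:6], text[6:]
        if head.lower() == "v=spf1" and (rest == "" or rest[0] == " "):
            candidates.append(text)
    if not candidates:
        return "none", None
    if len(candidates) > 1:
        # Two SPF records at one owner name is an error, not a merge.
        return "permerror", None
    return "ok", candidates[0]


if __name__ == "__main__":
    print(select_spf(SAMPLE_RRSET))
    print(select_spf(list(reversed(SAMPLE_RRSET))))
```
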