On Tue, Aug 20, 2013 at 12:14:21AM -0700, Dave Crocker wrote:
And as long as I'm asking for more explanation, given the number of
years of use the construct has had and for the number of different
applications, where has the problem (whatever you mean specifically)
been seen?
Quite apart from the DNSSEC example that Patrik sent, underscore
labels also cause problems and confusion when aliases are involved.
The alias stuff is a corner case, of course, but it's still a basic
problem with the approach of specifying policy for a target name at a
different name than the target itself. This trade-off might be a
legitimate one (I certainly think it's preferable to the strategy SPF
adopted, of stepping all over the TXT RRTYPE at a given name), but it
won't do to dismiss the problem with a point-and-laugh argument.
Best,
A
--
Andrew Sullivan
ajs(_at_)anvilwalrusden(_dot_)com