
Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bis-19.txt> (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard

2013-08-21 22:21:19
On Thursday, August 22, 2013 09:31:03 Mark Andrews wrote:
In message <0c3746c3-dac1-471f-bd07-8faf20481337(_at_)email(_dot_)android(_dot_)com>, Scott Kitterman writes:
Mark Andrews <marka(_at_)isc(_dot_)org> wrote:
In message <20130821214832(_dot_)1C92538C0230(_at_)drugs(_dot_)dv(_dot_)isc(_dot_)org>, Mark Andrews writes:
It's primarily an issue for applications.  To the DNS, it's exactly what it is, a TXT record.

I can hand update of A and AAAA records to the machine.
I can hand update of MX records to the mail administrator.
I can hand update of SPF records to the mail administrator.
I can hand update of TXT records to ??????

No one because it has multiple uses.  This is true whether SPF exists or
not.  SPF use of RRTYPE TXT for SPF records makes that neither better
nor worse.

You could publish:

example.com IN TXT v=spf1 redirect=_spf.example.com
_spf.example.com IN TXT v=spf1 [actual content here]

Then delegate _spf.example.com to the mail administrator.  Problem solved.

No, it is NOT solved.  You have to trust *everyone* with the ability
to update TXT not to remove / alter that record.  You can't give someone
you don't trust the ability to update TXT.

With a published SPF record and SPF lookup first stopping on success
or lookup failure (SERVFAIL) you can give update control of TXT to
someone you don't trust enough to not remove / alter the SPF TXT
record.

You keep telling us the TXT is just another record in the DNS.  Well
the DNS is managed at the granularity of the TYPE.  4408bis is forcing
sub-type management to be developed and deployed to maintain the
status quo.  TXT is no longer "just another record in the DNS" with
4408bis as it currently stands.

And to Google your motto is "Do No Evil".  Publishing a TXT SPF record
without publishing a SPF SPF record is "Evil" as it encourages others to
do the same.

Your goal seems to be pretty much the opposite of the task the working group 
was given.  You say so even more clearly here:

http://www.ietf.org/mail-archive/web/spfbis/current/msg03948.html

Unless you come with something new, I think I'm done.

Scott K
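
A monitoring check for the arrangement discussed in the thread above, added here as an example and not code from either poster or from the draft: it audits the apex TXT RRset for removal or alteration of the `v=spf1 redirect=` record while unrelated TXT uses coexist. The function names and zone dictionaries are hypothetical and constructed; they stand in for the RRsets a monitor would fetch from DNS.

```python
# Added example. Zone contents below are constructed sample data.
def spf_records(txt_rrset):
    """Return the TXT strings in an RRset that are SPF version 1 records."""
    found = []
    for txt in txt_rrset:
        first = txt.strip().split(" ", 1)[0].lower()
        if first == "v=spf1":
            found.append(txt.strip())
    return found

def audit_apex(zone, apex, delegated):
    """Return findings; an empty list means the redirect is intact."""
    records = spf_records(zone.get(apex, []))
    if not records:
        return [f"{apex}: SPF record removed (no v=spf1 TXT)"]
    if len(records) > 1:
        # More than one v=spf1 record makes SPF evaluation a permerror.
        return [f"{apex}: {len(records)} v=spf1 records (permerror)"]
    findings = []
    terms = records[0].split()[1:]
    targets = [t.split("=", 1)[1].rstrip(".").lower()
               for t in terms if t.lower().startswith("redirect=")]
    if targets != [delegated]:
        findings.append(f"{apex}: redirect is {targets}, expected {delegated}")
    # Any mechanism at the apex is evaluated before the redirect is followed.
    extra = [t for t in terms if not t.lower().startswith("redirect=")]
    if extra:
        findings.append(f"{apex}: unexpected terms {extra}")
    if not spf_records(zone.get(delegated, [])):
        findings.append(f"{delegated}: no v=spf1 record to redirect to")
    return findings

OTHER_TXT = "verification=constructed-token"  # unrelated TXT use, constructed
INTACT = {"example.com": ["v=spf1 redirect=_spf.example.com", OTHER_TXT],
          "_spf.example.com": ["v=spf1 mx -all"]}
REMOVED = {"example.com": [OTHER_TXT], "_spf.example.com": ["v=spf1 mx -all"]}
ALTERED = {"example.com": ["v=spf1 +all", OTHER_TXT],
           "_spf.example.com": ["v=spf1 mx -all"]}

if __name__ == "__main__":
    for name, zone in [("intact", INTACT), ("removed", REMOVED),
                       ("altered", ALTERED)]:
        print(name, audit_apex(zone, "example.com", "_spf.example.com"))
```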
