
Re: [dnsext] SPF isn't going to change, was Deprecating SPF

2013-08-24 11:27:53
Phillip Hallam-Baker wrote:
On Fri, Aug 23, 2013 at 3:46 PM, manning bill <bmanning(_at_)isi(_dot_)edu> wrote:

        the question is not that "nobody" checks type 99, the question is
        "is the rate of adoption of type 99 -changing- in relation to type 16?"


As John pointed out, support for checking type 99 has decreased and
continues to decrease rather than increase. So waiting longer is not going
to solve the issue.

However, the interest never disappeared. The issue is what are we waiting for now? The DNS infrastructure support? Why is that such a problem? Who goes to these IETF meetings? Where are the Microsoft DNS product managers in these discussions? What do they have to say?


Putting a statement in an RFC does not mean that the world will
automatically advance towards that particular end state.

That's correct. No one is forced to support RFC 4408bis. From my perspective, there are four basic major changes to BIS - all optional:

  1 - Add Authentication-Result: 5322.header.
  2 - Relax SPF HardFail Policy rejections to Accept-Mark operations.
  3 - If 2 is performed, then add code to separate user failed messages.
  4 - Remove any support for SPF type99 queries and publishing.

For our SPF implementation, we never did #4 for lack of infrastructure readiness but are ready to support it once the backbone is ready for it. We will probably do #1 for all non-HARDFAIL results but we won't do #2 because it will cause a high redesign cost with #3. Not performing #3 would be a major security loophole if you begin to support #2. Until we are ready to do #3 and close that security loophole, #2 won't happen.

Forcing a WG to adopt a position to suit another constituency is not going
to lead them to advocate for that position in deployment constituencies.
Particularly when the original constituency does nothing to advance
deployment.

+1, but the decision makers really haven't asked the main DNS constituencies why they have not advanced their (DNS) software or made it flexible enough for other operators and administrators to add/manage new RR types or capable of passive and transparent handling of unknown type recursive passthru queries.

To me, this should be a project leadership responsibility to make sure the protocol requirements are realistic or not.

--
HLS
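As an added illustration of changes #1 to #3 in the message above (example code, not the author's implementation; the authserv-id, addresses, message text and function names are constructed), the receiver-side policy below only relaxes a HardFail reject when failed mail is also kept out of the user's inbox, and stamps an Authentication-Results header on mail it accepts:

```python
# Added example, not code from the thread. Models three of the optional
# RFC 4408bis changes listed above as receiver-side mail policy.
from email.parser import Parser

# Constructed sample message (not a real capture).
SAMPLE_RAW = "From: alice@example.org\nSubject: hello\n\nbody\n"


def auth_results_header(authserv_id, spf_result, mailfrom):
    """#1: build an RFC 5451-style Authentication-Results header value."""
    return f"{authserv_id}; spf={spf_result} smtp.mailfrom={mailfrom}"


def spf_action(spf_result, relax_hardfail=False, separate_failed=False):
    """Map an SPF result to a delivery action.

    #2 relaxes a HardFail reject to accept-and-mark, but only together
    with #3 (routing failed mail away from the normal inbox). Relaxing
    without #3 would deliver known-failing mail to users, which is the
    loophole the message warns about, so the reject stays in place.
    """
    if spf_result != "fail":
        return "accept"
    if relax_hardfail and separate_failed:
        return "quarantine"  # accepted and marked, but kept out of the inbox
    return "reject"          # classic HardFail handling


def process(raw, authserv_id, spf_result, mailfrom, **policy):
    """Apply the policy; accepted mail gets the header from #1 added."""
    action = spf_action(spf_result, **policy)
    msg = Parser().parsestr(raw)
    if action != "reject":
        msg["Authentication-Results"] = auth_results_header(
            authserv_id, spf_result, mailfrom)
    return action, msg


if __name__ == "__main__":
    for result in ("pass", "softfail", "fail"):
        act, m = process(SAMPLE_RAW, "mx.example.net", result,
                         "alice@example.org", relax_hardfail=True)
        print(result, "->", act, "|", m["Authentication-Results"])
```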