spf-discuss

Re: DNS RRtypes

2003-10-17 12:44:17
On Fri, Oct 17, 2003 at 11:57:48AM -0700, Robert Spier wrote:
| 
| And I suspect there is a compromise.  The left/right thing bothers me
| more than using the "generic" TXT RR.
| 
| Why not just encode all the data on the RHS?
| 
| domain.com IN TXT "v=spf1 _smtp_client <spf data>"
| 

OK, we have three kinds of funkiness going on.  Let's look at each one.

1) the top-level policy label.

   All we need is a place to stash "v=spf1 a mx pi ptr default=deny".

   Per Robert's suggestion, this could go into a TXT record for the
   domain itself --- we'd get rid of the "policy._smtp_client" part.


2) the PI lookup zone.

   If the domain defines the PI mechanism, and if the IP is 1.2.3.4,
   we would perform the query 4.3.2.1.in-addr._smtp_client.DOMAIN


3) the LocalPart lookup zone.

   If the domain defines the LocalPart mechanism, and if the user is foo+bar,
   we would perform the query bar.foo.policy._smtp_local.DOMAIN

   That's still evolving.  We could just as well do
     bar.foo.localpart._smtp_client.DOMAIN
   which puts it in the same "subdomain" as #2.


Discussion:

1) Even if we get rid of "policy._smtp_client", we still have the
   problem of "misusing" TXT records; this scenario makes the strongest
   case for a new RRtype.  The DNS guys would take one look at the
   "v=spf1" label and say, "you guys are faking an RR type.  Don't."

2) If we get rid of the subdomain, how do we design reversed-IP lookups?

   4.3.2.1.DOMAIN?  But maybe that space is already populated.

   Underscore labels are nice; they're like secret dimensions.

   Besides, even if we get a new RR type, that doesn't make the problem
   go away.

Suggestions:

1) drop the "policy._smtp_client" and just do DOMAIN IN TXT "v=spf1 ..."

2) Ask IANA for a new RR type now; we can use it for a future version of SPF.

2) Keep using _smtp_client; even if we get a new RR type, there's still
   a legitimate need for a shim between the reversed-IP and the domain
   name.
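
The lookup names discussed in the message above, as an added example that is not part of the original message or of any SPF implementation. It builds the PI and LocalPart query names and checks whether a name falls in ordinary host-name space, which is the collision concern raised for 4.3.2.1.DOMAIN. The function names, the `example.com` domain, and splitting the local part only on "+" are assumptions.

```python
import ipaddress
import re

# Host names follow the letters-digits-hyphen (LDH) rule, so a label that
# starts with "_" can never be an ordinary host name in the zone.
LDH = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

def _join(labels, domain):
    """Join labels onto the domain, enforcing DNS length limits."""
    name = ".".join(labels + [domain.rstrip(".")])
    if any(not 1 <= len(l) <= 63 for l in name.split(".")) or len(name) > 253:
        raise ValueError(f"not a legal DNS name: {name!r}")
    return name.lower()

def pi_query(ip, domain, shim=("in-addr", "_smtp_client")):
    """Reversed-IP name for the PI mechanism (IPv4 only, as in the message)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return _join(octets[::-1] + list(shim), domain)

def localpart_query(local, domain, shim=("policy", "_smtp_local")):
    """LocalPart name: 'foo+bar' becomes bar.foo.<shim>.DOMAIN.
    Assumption: only '+' separates components of the local part."""
    parts = local.split("+")
    return _join(parts[::-1] + list(shim), domain)

def may_collide_with_hosts(name):
    """True if every label is LDH, i.e. the name lies in ordinary host space."""
    return all(LDH.match(label) for label in name.split("."))

if __name__ == "__main__":
    d = "example.com"  # constructed sample domain
    for q in (pi_query("1.2.3.4", d),
              pi_query("1.2.3.4", d, shim=()),  # the bare 4.3.2.1.DOMAIN form
              localpart_query("foo+bar", d),
              localpart_query("foo+bar", d, shim=("localpart", "_smtp_client"))):
        print(f"{q:45} host-space collision possible: {may_collide_with_hosts(q)}")
```
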

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/

