This message is going to be politically incorrect on several
counts and most likely can be safely ignored. OTOH it is
sincere and may contain resonant ideas.
A point I tried to make on the ASRG mailing list is that in
contemplating mechanisms for distributing the valid relay information,
there are two different questions. These questions are, "what
information is being distributed?" and "how do we distribute it?".
These two questions may be referred to as Semantics and Syntax.
spfv1 as it currently stands includes an adequate semantics, even
without formally nestable error responses.
spfv1 as it currently stands (as we all know) uses DNS text records.
I recently read "Managing Gigabytes" by Ian Witten and associates
http://www.amazon.com/exec/obidos/ASIN/1558605703/tipjartransactioA/
which contains discussions of packing information into as few bits
as possible. So today when I read about expanding SPF information
into a syntactically larger format (XML) I wonder, what about
packing SPF information into a syntactically smaller format, by which
I mean the A record.
In SPF we declare eight mechanisms, which is three bits, each of
which is prefixed with one of four possible prefixes. That's five
bits to say which mechanism and which prefix are in a mechanism.
Associating additional standard DNS records with existing standard
DNS records (by "standard" I mean A and CNAME) can be done by
prefixing a prefix (such as "spf_") to the name of the record
that we are associating the new records with. This mechanism
violates the taboo against reserving names in the DNS system. I
believe the taboo is too strict and prefix name extensions are
an excellent mechanism and just the kind of thing the IANA could
keep a nice registry of. We will need a sequence of records.
The names holding the non-TXT records associated with example.net
would be
    spf1-.example.net
for the first record, and
    spf1-SOMETHING.example.net
where SOMETHING matches /\w+/.
So let's say that we need five bits to
specify a mechanism, prefix pair. That gives us six mechanisms
specified in the 32 bits of each A record returned. A DNS reply
for A records can safely hold seven addresses without triggering
packet loss and reordering issues, so we could have plenty of
space in one A record to specify plenty of mechanism, prefix pairs:
42 of them if we just drop the other two bits, 44 if we wrap
from one to the next.
Each specified pair would cause a look-up of its name, where
SOMETHING is a value from one to 44, and the specifier arguments
to the directives listed in the initial record would be found
by looking up spf1-N-.example.net where N is a decimal number
from 1 to 44 and possibly an extension specifier, depending
on the specifier requirements of the directive in question.
If the last two bits in each address from the initial query
are not wrapped, they become available for modifiers to
be specified as the seventh, fourteenth, twenty-first,
twenty-eighth, and so on directives. These would be specified
with only two bits so there would only be four kinds to
choose from, but each kind would have its own name space to
register further specification.
Let's see...
Prefixes:
00 + "pass"
01 - "fail"
10 ~ "softfail"
11 ? "neutral"
Mechanisms:
000 all
001 include
010 a
011 mx
100 ptr
101 ip4
110 ip6
111 exists
Modifiers, specified in every seventh specification record:
00 redirect
01 exp
10 accredit
11 no modifier
Up to seven addresses can be returned from a DNS address
look-up on a name. Each one is 32 bits:
aaAAAbbBBBccCCCddDDDeeEEEffFFFmm
aa is the prefix for the first directive,
AAA is the mechanism of the first directive,
and so on through the sixth pair (ffFFF); mm is a modifier.
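To make the bit layout concrete, here is an added example (not part of the original post, and not code from any SPF implementation) that packs prefix/mechanism pairs into 32-bit A-record values as described above and unpacks them again. It assumes the pairs sit high-order first with the 2-bit modifier in the low bits, that unused slots are padded with "?all" (SPF's default result when nothing matches, so the padding is semantically inert), and that decoding stops at the first "all" mechanism since SPF evaluates nothing after it.

```python
import ipaddress

PREFIXES = ["+", "-", "~", "?"]                                # 2-bit prefix code
MECHANISMS = ["all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"]  # 3-bit code
MODIFIERS = ["redirect", "exp", "accredit", None]              # 2-bit code, 0b11 = none

PAIRS_PER_RECORD = 6   # six 5-bit pairs fill 30 of the 32 bits
MAX_RECORDS = 7        # seven A records fit safely in one DNS reply


def pack_directives(directives, modifiers=()):
    """Encode "<prefix><mechanism>" strings (e.g. "+mx") into dotted-quad
    A-record values, high-order pair first, with the 2-bit modifier in the
    low bits of each word (an assumption about field order).  modifiers
    holds one name (or None) per record.  Unused pair slots are padded with
    "?all", SPF's default result when no mechanism matches."""
    if len(directives) > PAIRS_PER_RECORD * MAX_RECORDS:
        raise ValueError("more directives than seven A records can carry")
    nrec = max(1, -(-len(directives) // PAIRS_PER_RECORD))  # ceiling division
    records = []
    for r in range(nrec):
        chunk = directives[r * PAIRS_PER_RECORD:(r + 1) * PAIRS_PER_RECORD]
        chunk += ["?all"] * (PAIRS_PER_RECORD - len(chunk))
        word = 0
        for d in chunk:
            word = (word << 5) | (PREFIXES.index(d[0]) << 3) | MECHANISMS.index(d[1:])
        mod = modifiers[r] if r < len(modifiers) else None
        word = (word << 2) | MODIFIERS.index(mod)
        records.append(str(ipaddress.IPv4Address(word)))
    return records


def unpack_directives(records):
    """Inverse of pack_directives.  Decoding stops at the first "all"
    mechanism, since SPF evaluates nothing after it; returns
    (directives, modifiers), one modifier entry per record read."""
    directives, modifiers = [], []
    for rec in records:
        word = int(ipaddress.IPv4Address(rec))
        modifiers.append(MODIFIERS[word & 0b11])
        pairs = word >> 2
        for i in reversed(range(PAIRS_PER_RECORD)):
            code = (pairs >> (5 * i)) & 0b11111
            prefix, mech = PREFIXES[code >> 3], MECHANISMS[code & 0b111]
            directives.append(prefix + mech)
            if mech == "all":
                return directives, modifiers
    return directives, modifiers
```

For example, "+mx +a -all" with an exp modifier packs into the single address 24.145.140.97, and a policy of eight "+a" directives spills into a second record whose padding decodes back as a trailing "?all".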
The argument records spf1-N-.example.net are either
address (A) records or alias (CNAME) records. Address
records have one or two entries; when there are two, the
second is a netmask. ip6 records are AAAA records
instead of A records. Alias records are in the
domain-spec macro language.
When exp modifiers refer to CNAMEs, the TXT record for
that CNAME is looked up and used as the explanation; otherwise
a TXT record for the argument record is looked up and used
as the explanation.
That's my idea -- I could work it over some more and express the
examples in the spfv1 draft in this compact syntax if people
want me to.
David Nicol
--
davidnicol(_at_)pay2send(_dot_)com
"There's a fine line between participation and mockery" -- Scott Adams