spf-discuss

Re: XML unification proposal

2004-06-01 05:08:01
On Mon, 31 May 2004, Tim Meadowcroft wrote:

> Written briefly cos it's late at night, but rather than arguing either/or,
> this is a suggestion along the lines of "pay for it only if you want it".
>
> Suggested idea for SPF extension for a sample domain schmerg.com with a
> standard SPF1 record
>
>   v=spf1   mx  -all
>
> SPF v2 (or 1.1 or whatever) keeps the existing syntax and use of TXT records
> in DNS, but also allows the specification of a URL that holds the XML record,
> hence making XML available to those who really want it, but keeping
> arbitrarily large XML out of DNS records
>
>  v=spf2 xml=http://www.schmerg.com/spf.xml
> or
>  v=spf2 xml=http://www.schmerg.com/spf.xml mx -all

The above is bad because it is using an external protocol. The idea of putting such
records into dns is to minimize the work necessary to get the data and not require
dependence on an external, more complex protocol, and since the dns protocol is based
on udp and with caching dns servers it is well designed for quick access 
to a database with a small data payload for each lookup. But the problem with XML 
is that while the syntax is designed to be easily human readable and easily 
parseable, this also works in the opposite direction as far as the size of the 
data record, and as such xml is generally a bad idea to use with a protocol 
which is designed for a small data payload.

As far as <spf>..</spf>, I actually talked to Meng privately about it after the
MARID meeting and I thought this would come out a lot quicker from others 
too. To be valid in the XML world, my suggestion is to slightly change spf 
(make "=" the primary separator between operator and data instead of ":") 
and to make each spf operand an xml attribute of the <spf> element and make 
<spf> a parallel element to <out> under the <ep> tree (or possibly just
make them attributes of <out> and <spf> can be a synonym of <out>) with each
spf attribute being equivalent to the proposed elements under <m> (while 
having the same attributes for an element as subelements is rare, it does happen 
in xml specs - in html for example). Note also that most of the proposed marid 
xml elements are actually already identical in name and function to spf 
operators and there is a conversion table (see below). The existing start 
of xml specifying the schema should also be considered optional to minimize 
the size of the record, and a standard template could be added by default based 
on a very quick version parameter of <out>. The existing SPF record start would 
do the same, specifying a similar template possibly particular to SPF style.
While this still leaves larger xml records than spf, it is not as bad as 
the full xml schema, and when necessary a convenient xml extension format can be 
used if it becomes necessary to extend the schema.

Here is the translation table between CallerID and Marid from last draft
(things are quite similar to spf):
      spf mechanism    xml element
      ---------        -------
      a                a
      exists           exists
      include          include
      ip4 without "/"  a        
      ip4 with "/"     r
      ip6 without "/"  a
      ip6 with "/"     r
      mx               mx
      ptr              ptr

Note: I think <r> should be allowed to include a single ip address and
      consider that to be the same as if /32 was added at the end. If that is
      done, it would make ip4 & ip6 completely equivalent to "r"

Here are also practical examples to what I wrote above:
1. Full xml syntax per CallerID+SPF specification from MARID sent draft:
  <?xml version="1.0" charset="us-ascii"?>
  <root xmlns="urn:ietf:params:xml:schema:marid-1">
     <ep>
       <out default=fail>
         <m result=pass>
           <a>test.example.com</a>
         </m>
       </out>
     </ep>
  </root>
2. Quicker xml form with out (assumes default for m result attribute is "pass")
  <?xml?><ep v=marid-1><out default=fail><m><a>test.example.com</a></m></out></ep>
3. Quick xml form with spf element
  <?xml?><ep v=marid-1><spf +a=test.example.com -all></ep>
4. Same in original SPF style
  v=spf1 +a:test.example.com -all
5. Valid mix of <spf> and <out> elements
  <?xml?><ep v=marid-1><spf +a=test.example.com -all>
  <out default=fail><m><r>10.10.10.0/24</r></m></out></ep>

The attributes for <spf> element would be considered synonyms to longer 
tree of <out><m>... elements:
     SPF Element Parameter      Synonym in Full XML Out Element Spec
      +a=xyz                    <m result=pass><a>xyz</a></m>
      -a=xyz                    <m result=fail><a>xyz</a></m>
      ~a=xyz                    <m result=softfail><a>xyz</a></m>
      ?a=xyz                    <m result=unknown><a>xyz</a></m>
      +exists=xyz               <m result=pass><exists>xyz</exists></m>
      ..and so on...
      -all                      <out default=fail>
      +all                      <out default=pass>
      ~all                      <out default=softfail>
      ?all                      <out default=unknown>   (default for marid)

-- 
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
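
Added example, not part of the original message and not code from any SPF or MARID implementation: a small Python translator that applies the two tables in the message above to turn a v=spf1 record into the long <out><m> form. Assumptions: attribute values are quoted so the output is well-formed XML, the schema prologue and <root> wrapper are left out, a mechanism with no argument becomes an empty element, and the names spf_to_out and to_xml are illustrative.

```python
import xml.etree.ElementTree as ET

# Qualifier -> result name, as in the synonym table of the message.
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "unknown"}
# Mechanisms whose XML element has the same name (translation table).
SAME_NAME = {"a", "exists", "include", "mx", "ptr"}


def spf_to_out(record: str) -> ET.Element:
    """Translate a v=spf1 record into an <ep><out><m>... tree."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF1 record")
    ep = ET.Element("ep")
    # "unknown" is the message's stated MARID default when no "all" is given.
    out = ET.SubElement(ep, "out", {"default": "unknown"})
    for term in terms[1:]:
        qualifier = "+"                      # SPF default qualifier
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")   # first ":" only, so ip6 survives
        name = name.lower()
        if name == "all":
            out.set("default", RESULTS[qualifier])
            break                            # terms after "all" are ignored
        if name in ("ip4", "ip6"):
            # Table: address with "/" -> <r>, without "/" -> <a>.
            tag = "r" if "/" in arg else "a"
        elif name in SAME_NAME:
            tag = name
        else:
            # Modifiers and CIDR-suffixed names are outside the table.
            raise ValueError(f"term not in the table: {name!r}")
        m = ET.SubElement(out, "m", {"result": RESULTS[qualifier]})
        ET.SubElement(m, tag).text = arg or None   # assumption: empty element
    return ep


def to_xml(record: str) -> str:
    """Serialize the translated tree as a single-line XML string."""
    return ET.tostring(spf_to_out(record), encoding="unicode")


if __name__ == "__main__":
    print(to_xml("v=spf1 +a:test.example.com -all"))
```
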

