On Mon, 31 May 2004, Tim Meadowcroft wrote:
> Written briefly cos it's late at night, but rather than arguing either/or,
> this is a suggestion along the lines of "pay for it only if you want it".
>
> Suggested idea for an SPF extension for a sample domain schmerg.com with a
> standard SPF1 record:
>
>   v=spf1 mx -all
>
> SPF v2 (or 1.1 or whatever) keeps the existing syntax and use of TXT records
> in DNS, but also allows the specification of a URL that holds the XML record,
> hence making XML available to those who really want it, but keeping
> arbitrarily large XML out of DNS records:
>
>   v=spf2 xml=http://www.schmerg.com/spf.xml
>
> or
>
>   v=spf2 xml=http://www.schmerg.com/spf.xml mx -all
The above is bad because it uses an external protocol. The idea of putting
such records into DNS is to minimize the work necessary to get the data and
not require dependence on an external, more complex protocol; since the DNS
protocol is based on UDP and uses caching DNS servers, it is well designed for
quick access to a database with a small data payload for each lookup. But the
problem with XML is that while its syntax is designed to be easily human
readable and easily parseable, this also works in the opposite direction as
far as the size of the data record is concerned, and as such XML is generally
a bad idea to use with a protocol that is designed for small data payloads.
As far as <spf>..</spf> goes, I actually talked to Meng privately about this
after the MARID meeting, and I thought this would come out a lot quicker from
others too. To be valid in the XML world, my suggestion is to slightly change
SPF (make "=" the primary separator between operator and data instead of ":")
and to make each SPF operand an XML attribute of the <spf> element, and make
<spf> a parallel element to <out> under the <ep> tree (or possibly just make
them attributes of <out>, with <spf> being a synonym of <out>), with each spf
attribute being equivalent to the proposed elements under <m> (while having
the same attributes for an element as for a subelement is rare, it does
happen in XML specs, in HTML for example). Note also that most of the
proposed MARID XML elements are actually already identical in name and
function to SPF operators, and there is a conversion table (see below). The
existing start of the XML specifying the schema should also be considered
optional to minimize the size of the record, and a standard template could be
added by default based on a very quick version parameter of <out>. The
existing SPF record start would do the same, specifying a similar template
possibly particular to the SPF style. While this still leaves XML records
larger than SPF, it is not as bad as the full XML schema, and when necessary
the convenient XML extension format can be used if it becomes necessary to
extend the schema.
Here is the translation table between CallerID and Marid from the last draft
(things are quite similar to SPF):
  spf mechanism        xml element
  -------------        -----------
  a                    a
  exists               exists
  include              include
  ip4 without "/"      a
  ip4 with "/"         r
  ip6 without "/"      a
  ip6 with "/"         r
  mx                   mx
  ptr                  ptr
Note: I think <r> should be allowed to include a single IP address and
consider that to be the same as if /32 was added at the end. If that is
done, it would make ip4 & ip6 completely equivalent to "r".
Here are also practical examples of what I wrote above:
1. Full xml syntax per CallerID+SPF specification from MARID sent draft:

  <?xml version="1.0" encoding="us-ascii"?>
  <root xmlns="urn:ietf:params:xml:schema:marid-1">
    <ep>
      <out default="fail">
        <m result="pass">
          <a>test.example.com</a>
        </m>
      </out>
    </ep>
  </root>
2. Quicker xml form with out (assumes the default for the m result attribute is "pass")

  <?xml?><ep v=marid-1><out default=fail><m><a>test.example.com</a></m></out></ep>
3. Quick xml form with spf element

  <?xml?><ep v=marid-1><spf +a=test.example.com -all></ep>

4. Same in original SPF style

  v=spf1 +a:test.example.com -all
5. Valid mix of <spf> and <out> elements

  <?xml?><ep v=marid-1><spf +a=test.example.com -all>
  <out default=fail><m><r>10.10.10.0/24</r></m></out></ep>
The attributes for the <spf> element would be considered synonyms for the
longer tree of <out><m>... elements:

  SPF Element Parameter    Synonym in Full XML Out Element Spec
  ---------------------    ------------------------------------
  +a=xyz                   <m result=pass><a>xyz</a></m>
  -a=xyz                   <m result=fail><a>xyz</a></m>
  ~a=xyz                   <m result=softfail><a>xyz</a></m>
  ?a=xyz                   <m result=unknown><a>xyz</a></m>
  +exists=xyz              <m result=pass><exists>xyz</exists></m>
  ...and so on...
  -all                     <out default=fail>
  +all                     <out default=pass>
  ~all                     <out default=softfail>
  ?all                     <out default=unknown>   (default for marid)
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
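The SPF-to-XML mapping in William's post, worked through as an added example (this is not code from the thread or from the MARID drafts): it parses an SPF1 record, applies the translation table (same-name elements; ip4/ip6 become <a> without a "/" and <r> with one; qualifiers become <m result=...>; the trailing "all" becomes <out default=...>), emits both the full <root><ep><out> form and the compact <spf ...> shorthand, and, when asked, applies the note that a bare address in <r> should be read as a /32 (or /128 for IPv6) prefix so that every ip4/ip6 becomes an <r>. Function names, skipping modifiers such as redirect= and exp= (they are not in the table), and stopping at the first "all" are my assumptions.

```python
"""Translate an SPF1 record into the MARID-style XML discussed in the thread.

Added example, not code from the thread or the MARID drafts. The element
mapping follows the translation table in the post; function names and the
treatment of modifiers are assumptions made here.
"""
import ipaddress
import xml.etree.ElementTree as ET

MARID_NS = "urn:ietf:params:xml:schema:marid-1"

# SPF qualifier -> value of the <m result=...> attribute (table at the end of the post)
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "unknown"}

# mechanisms whose XML element has the same name as the SPF mechanism
SAME_NAME = {"a", "mx", "ptr", "exists", "include"}


def parse_spf(record):
    """Split an SPF1 record into (qualifier, mechanism, argument) triples.

    Modifiers such as redirect= and exp= are not in the translation table
    and are skipped (assumption); an unknown mechanism raises rather than
    being silently dropped.
    """
    tokens = record.split()
    if not tokens or tokens[0].lower() != "v=spf1":
        raise ValueError("not an SPF1 record")
    terms = []
    for tok in tokens[1:]:
        qual = "+"                       # SPF's default qualifier
        if tok[:1] in QUALIFIER_RESULT:
            qual, tok = tok[0], tok[1:]
        if "=" in tok.split(":", 1)[0]:  # modifier, e.g. redirect=example.org
            continue
        name, _sep, arg = tok.partition(":")
        name = name.lower()
        if name != "all" and name not in SAME_NAME and name not in ("ip4", "ip6"):
            raise ValueError("unknown mechanism %r" % name)
        terms.append((qual, name, arg or None))
    return terms


def ip_element(name, arg, ip_as_r):
    """ip4/ip6 -> <a> without a "/" and <r> with one, as in the table.

    With ip_as_r=True the post's note is applied instead: a bare address is
    read as a /32 (IPv4) or /128 (IPv6) prefix, so every ip4/ip6 becomes <r>.
    """
    if arg is None:
        raise ValueError("%s needs an address" % name)
    if ip_as_r:
        return "r", str(ipaddress.ip_network(arg, strict=False))
    return ("r" if "/" in arg else "a"), arg


def spf_to_marid_xml(record, ip_as_r=False):
    """Return the full <root><ep><out>...</out></ep></root> form (example 1)."""
    root = ET.Element("root", xmlns=MARID_NS)
    # "?all" is the MARID default, so start there and let an explicit "all" override it
    out = ET.SubElement(ET.SubElement(root, "ep"), "out", default="unknown")
    for qual, name, arg in parse_spf(record):
        if name == "all":
            out.set("default", QUALIFIER_RESULT[qual])
            break                        # nothing after "all" is ever evaluated
        if name in ("ip4", "ip6"):
            elem, value = ip_element(name, arg, ip_as_r)
        else:
            elem, value = name, arg      # a, mx, ptr, exists, include keep their names
        m = ET.SubElement(out, "m", result=QUALIFIER_RESULT[qual])
        child = ET.SubElement(m, elem)
        if value is not None:
            child.text = value
    return ET.tostring(root, encoding="unicode")


def spf_to_spf_element(record):
    """Return the compact <spf ...> shorthand (example 3): ":" becomes "="."""
    attrs = [qual + name + ("=" + arg if arg else "")
             for qual, name, arg in parse_spf(record)]
    return "<?xml?><ep v=marid-1><spf %s></ep>" % " ".join(attrs)


if __name__ == "__main__":
    # constructed sample records, not taken from any real domain
    for rec in ("v=spf1 +a:test.example.com -all",
                "v=spf1 ip4:10.10.10.0/24 ip4:10.10.10.5 ~all"):
        print(spf_to_marid_xml(rec))
        print(spf_to_marid_xml(rec, ip_as_r=True))
        print(spf_to_spf_element(rec))
```

The full form quotes attribute values because that is what a conforming XML parser requires; the shorthand deliberately reproduces the post's unquoted style and is not well-formed XML, which is the trade-off the post is arguing about.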