spf-discuss

Re: "include" directive in -03 SPF draft

2004-09-16 22:20:10
forwarded by request of Victor Duchovni, who is a respected
contributor to the Postfix project among other things.

On Fri, Sep 17, 2004 at 12:37:48AM -0400, Victor Duchovni wrote:
| 
| [ Please recirculate as appropriate, even if you disagree, I hope that
|   this point of view will at least get a fair hearing. Perhaps it has
|   already and I am beating a dead horse, if so sorry... ]
| 
| I would like to humbly suggest that the "include" directive is unwise. It
| makes zone administration easier at the cost of much more complex,
| recursive possibly looping query requirements on clients. This is IMHO
| the wrong tradeoff. Configuration of identical SPF data in multiple zones
| should be entirely the responsibility of the zone file administrator who
| can use "include" directives, macros, scripts, and many other tools to
| ensure consistency of SPF data across multiple domains.
| 
| If we are to learn anything from Dan Bernstein's less than politically
| correct, but without a doubt insightful observations on DNS, it is
| that all features that shift the cost of indirection onto the resolver
| are bad. He rightly rails against A6 records, which are deprecated,
| he correctly encourages always "in-bailiwick" NS records (which are
| now the norm since Verisign no longer requires a unique hostname for
| each glue IP). He correctly suggests that indeed were DNS redesigned,
| the burden of converting NS->IP should have been on the server, with
| the on-the-wire syntax IP-valued and names only used as an administrative
| convenience in zone files.
| 
| Not all of this is universally accepted dogma, but it is IMHO reasonable to
| give this point of view due consideration. Please reconsider the decision
| to burden the standard with client-visible "include" directives; this
| should not, I think, be exposed outside the owner's zone management tools.
| 
| -- 
| 
|  /"\ ASCII RIBBON                  NOTICE: If received in error,
|  \ / CAMPAIGN     Victor Duchovni  please destroy and notify
|   X AGAINST       IT Security,     sender. Sender does not waive
|  / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
|                                    and use is prohibited.
| 

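To make the resolver-side cost concrete, here is a toy SPF evaluator that handles `ip4:`/`ip6:`/`all` and the recursive `include:` mechanism. This is an added example and is not code from the thread, the SPF drafts, or any SPF library. The zone data is a constructed in-memory table rather than real DNS, and the per-evaluation budget of ten `include` lookups is an assumption modelled on the limit RFC 4408 later adopted, not something the -03 draft or the post states. It shows the two failure modes a client must defend against once `include` is visible on the wire: an include loop, and an include chain that exhausts the query budget.

```python
"""Toy SPF evaluator showing what "include" costs the resolver.

Added example, not part of the original thread. ZONES is a constructed
in-memory stand-in for DNS TXT answers; MAX_LOOKUPS is an assumed client
budget (RFC 4408 later chose 10), not a value taken from the -03 draft.
"""
import ipaddress

# Constructed zone data: domain -> published SPF record.
ZONES = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
    "_spf.example.net": "v=spf1 ip4:198.51.100.10 include:mail.example.com -all",
    "mail.example.com": "v=spf1 ip4:203.0.113.0/28 -all",
    # Two records that include each other: a loop the client must detect.
    "loop-a.example": "v=spf1 include:loop-b.example -all",
    "loop-b.example": "v=spf1 include:loop-a.example -all",
    # A long but finite chain: legal in syntax, yet it exceeds the budget.
    "deep12.example": "v=spf1 ip4:192.0.2.1 -all",
}
for i in range(12):
    ZONES[f"deep{i}.example"] = f"v=spf1 include:deep{i + 1}.example -all"

MAX_LOOKUPS = 10  # assumed client-side budget for include lookups

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


class PermError(Exception):
    """Permanent evaluation error: loop, budget exhausted, bad record."""


def fetch_record(domain):
    """Stand-in for a DNS TXT query against the constructed zone table."""
    rec = ZONES.get(domain)
    if rec is None or not rec.startswith("v=spf1"):
        raise PermError(f"no SPF record for {domain}")
    return rec


def check_host(ip, domain, counter, seen):
    """Evaluate `domain`'s SPF record for `ip`.

    `counter` accumulates include lookups across the whole evaluation;
    `seen` is the set of domains on the current include path.
    """
    if domain in seen:
        raise PermError(f"include loop at {domain}")
    seen = seen | {domain}
    addr = ipaddress.ip_address(ip)
    for term in fetch_record(domain).split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith(("ip4:", "ip6:")):
            # Version mismatch (IPv4 address vs ip6 network) simply does not match.
            matched = addr in ipaddress.ip_network(term[4:], strict=False)
        elif term.startswith("include:"):
            # Every include is another query the client has to pay for.
            counter["lookups"] += 1
            if counter["lookups"] > MAX_LOOKUPS:
                raise PermError("too many DNS lookups")
            # An include matches only if the included record yields "pass".
            matched = check_host(ip, term[len("include:"):], counter, seen) == "pass"
        else:
            raise PermError(f"unsupported term {term}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def evaluate(ip, domain):
    """Return (result, include_lookups); PermError becomes a 'permerror: ...' result."""
    counter = {"lookups": 0}
    try:
        result = check_host(ip, domain, counter, set())
    except PermError as exc:
        result = f"permerror: {exc}"
    return result, counter["lookups"]


if __name__ == "__main__":
    for ip, dom in [("203.0.113.3", "example.org"), ("10.0.0.1", "example.org"),
                    ("192.0.2.1", "loop-a.example"), ("192.0.2.1", "deep1.example")]:
        print(dom, ip, evaluate(ip, dom))
```

Note that `seen` is copied per include path rather than shared globally, so a "diamond" (the same domain included from two branches) is not reported as a loop but is still charged twice against the budget. That is exactly the trade-off the post objects to: the zone owner writes one short record, and every receiving MTA pays for the indirection, loop detection and budget accounting on each inbound message.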
