spf-discuss

Re: [IETF] Allocation of the new RR type for SPF

2004-11-11 10:31:21

----- Original Message -----
From: "Stephane Bortzmeyer" <bortzmeyer(_at_)nic(_dot_)fr>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Thursday, November 11, 2004 3:15 PM
Subject: [spf-discuss] [IETF] Allocation of the new RR type for SPF


Yesterday, I had the pleasure to present the DNS issues of SPF to the
IETF DNS Extensions Working Group (also known as "namedroppers"). The
main question was the allocation of new DNS Resource Record (RR) type,
per draft-lentczner-spf-00, 3.1.1.

Many thanks Stephane - nice work :-)

The co-chairs of the WG were extremely clear that only the DNS side of
SPF would be discussed, thus avoiding any uninformed debate about
email authentication.

There was a clear agreement to a new RR type (which is consistent with
draft-iab-dns-choices-00, which basically says that "Thou shalt not
use TXT records").

There were two problems raised:

* one is old: the coexistence of the two RR types and the transition
period. As all SPFers and MARIDers know, this question has been hashed
and rehashed so many times that most people no longer want to hear
about it :-) Nevertheless, IETFers like Peter Koch were extremely
vocal about it, asking for no TXT records at all and just the new
record, disclaiming installed base as either nonexistent or
unimportant. Some more moderated people requested a clear move towards
the new records (SPF implementations MUST query the new type and MAY
query the old, you get the idea). [Side note : all competitors of SPF
use TXT records and do not even try to get a new RR type.]

Yea - well - the reality will be that things will be resolved over time and
the extremists will just have to live with that reality.  At least there's
recognition of the issue, and apparent willingness to allow it to be
resolved.

* one is more recent: the draft currently defines the new RR type by
saying "identical to TXT format". Some people (like Mark Andrews, ISC,
one of the authors of BIND), felt that TXT format definition is not
clear enough (especially with the catenation of two strings). Most DNS
RR types have a clear structure (like the MX type, which has priority
and server name). SPF would be the only one with free form. [Because
SPF is a mini-language, it seems the only possible approach to me.]

It's never going to be anything other than free-form, imho.  We can't
afford to nail it down too tightly in case someone comes up with a new idea
in 6 months.  Record length limitation is probably a good thing as it will
stop spf getting so complicated that no-one uses it ;-)

Presumably the new RR type will allow publishers to define a ttl for that
specific record?  That's mighty useful when you're adjusting or moving
domains around.

These two questions did not seem to be a stopper for most people. The
WG should formally review the DNS part of the draft now if the "SPF
community" asks it to do so.

Sounds like a first job for the new council ;-)


Slainte,

JohnP.
johnp(_at_)idimo(_dot_)com
ICQ 313355492
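The "identical to TXT format" point in the quoted mail comes down to how RFC 1035 TXT RDATA is built: one or more <character-string>s, each a length octet followed by at most 255 bytes, which an SPF client must join with no separator. The following is an added example, not code from the thread or from any SPF implementation; the policy string and the helper names are constructed for illustration.

```python
"""Added example: encode and decode TXT-style RDATA as reused by the
proposed SPF RR type, and show why the join rule between
character-strings has to be spelled out rather than left to "TXT format".
"""


def encode_txt_rdata(record: str) -> bytes:
    """Split a policy string into RFC 1035 character-strings (<=255 bytes each)."""
    data = record.encode("ascii")
    if not data:
        raise ValueError("empty record")
    out = bytearray()
    for i in range(0, len(data), 255):
        chunk = data[i:i + 255]
        out.append(len(chunk))  # single length octet, then the bytes
        out += chunk
    return bytes(out)


def decode_txt_rdata(rdata: bytes) -> list[bytes]:
    """Parse RDATA back into its character-strings, rejecting truncated data."""
    strings, pos = [], 0
    while pos < len(rdata):
        n = rdata[pos]
        pos += 1
        if pos + n > len(rdata):
            raise ValueError("truncated character-string")
        strings.append(rdata[pos:pos + n])
        pos += n
    return strings


def spf_policy(rdata: bytes) -> str:
    """SPF reading of the RDATA: concatenate every string with no separator."""
    return b"".join(decode_txt_rdata(rdata)).decode("ascii")


# Constructed policy of 351 characters, so it must span two character-strings.
SAMPLE_POLICY = "v=spf1 " + "ip4:192.0.2.0/24 " * 20 + "-all"

if __name__ == "__main__":
    rdata = encode_txt_rdata(SAMPLE_POLICY)
    parts = decode_txt_rdata(rdata)
    print(len(parts), "character-strings")             # 2
    print(spf_policy(rdata) == SAMPLE_POLICY)           # True
    # A client that joins with spaces splits a token across the boundary:
    print(b" ".join(parts).decode() == SAMPLE_POLICY)   # False
```

The split at byte 255 lands inside an "ip4:" term, so only byte-wise concatenation restores the policy; any other join rule silently changes which addresses the record authorizes.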