At 12:00 PM 3/26/2005 -0500, Radu wrote:
By the way. Since SPF2/PRA records share the same packet space with the
SPF1, we will definately have problems. One of these two MUST move to
their own hostname. For instance _spf.{domain_name} or _spf2.{domain_name}.
I think we may see a requirement for *one* query to return whatever
authentication information is available for a domain, be it SPF, SenderID,
or DomainKeys. ( Unless there is a way we can include the authentication
method in the envelope information. A 'DK' keyword, for example, could
tell a forwarder to skip the authentication query, this message uses
DomainKeys. I see a potential for abuse here, so let's not count on having
any knowledge, prior to the query, of what authentication method is being
used. )
Domains will have to decide what they want to put into their response to
the initial query. A DomainKey alone is enough to overflow one DNS
packet. Maybe the initial query to a domain should return just the record
for their preferred method, and a pointer to records for additional
methods, if supported.
Since there are more spf1 records than spf2 records currently published,
it will probably be PRA that must move.
This gets into some heavy politics. A safer assumption is the final
standard will not favor one method over another. That doesn't mean all
methods get equal space in the initial response to a query, but more likely
that it will be the domain owner's choice which to put first, and all
choices are treated equal in the standard.
-- Dave
************************************************************ *
* David MacQuigg, PhD email: dmquigg-spf at yahoo.com * *
* IC Design Engineer phone: USA 520-721-4583 * * *
* Analog Design Methodologies * * *
* 9320 East Mikelyn Lane * * *
* VRS Consulting, P.C. Tucson, Arizona 85710 *
************************************************************ *