At 06:05 AM 3/30/2005 +0200, Frank Ellerman wrote:
> some interesting I-Ds I've seen in the last weeks
> Not everything moves as slow as SPF, some updates:
>
> 2005-03-28 85933 draft-crocker-email-arch-04.txt
> 2005-03-25 25357 draft-hoffman-hash-attacks-00.txt
> 2005-03-25 81649 draft-delany-domainkeys-base-02.txt
> 2005-03-25 52114 draft-otis-mass-reputation-01.txt
>
> The latter is an example for "FUD and flame wars by I-Ds".
> Doug should patent this idea if there's no prior art. Bye.

Nice list. I'm not smart enough to tell if draft-otis is FUD or real
worries. I do see that there is a big push to make the DNS queries really
efficient, and capable of withstanding the worst DoS attack
imaginable. CSV does the authentication check in one query, using an SRV
record.
<http://mipassoc.org/csv/draft-ietf-marid-csv-intro-02.html>
As I understand it, the IP addresses returned in an SRV record are single
addresses, and only a few will fit. There is also some really awkward
re-definition of existing fields in the SRV record. I think the need for
authentication is universal enough that it deserves its own new record type.
Seems like we need an "SPF-Lite", with nothing but IP blocks. If an ISP as
large as rr.com can list all their mail servers in one SPF record, I can't
imagine there will be many that need "SPF Heavy". Having a compact
notation to indicate large groups of servers will make SPF records much
easier to set up than a zillion little SRV records.
Here is rr.com's entire list:

    v=spf1 ip4:24.30.203.0/24 ip4:24.28.200.0/24 ip4:24.28.204.0/24
    ip4:24.30.218.0/24 ip4:24.93.47.0/24 ip4:24.25.9.0/24
    ip4:65.24.5.0/24 ip4:24.94.166.0/24 ip4:24.29.109.0/24
    ip4:66.75.162.0/24 ip4:24.24.2.0/24 ip4:65.32.5.0/24 +mx ~all

Here are some more compact alternatives:

    m=24.30.203/24,24.28.200/24,24.28.204/24,24.30.218/24,24.93.47/24,
    24.25.9/24,65.24.5/24,24.94.166/24,24.29.109/24,66.75.162/24,
    24.24.2/24,65.32.5/24 ...

    m=24(24.30.203,24.28.200,24.28.204,24.30.218,24.93.47,24.25.9,
    65.24.5,24.94.166,24.29.109,66.75.162,24.24.2,65.32.5) ...

    m=24(181ecb,181cc8,181ccc,181eda,185d2f,181909,411805,185ea6,
    181d6d,424ba2,181802,412005) ...

Remember, this is the output of an SPF compiler. The input can be a nice
tabular display.
Can SPF3 have *fewer* features than SPF1? That will give everyone enough
time to organize their domains so they don't need macros and redirects.
-- Dave
************************************************************ *
* David MacQuigg, PhD email: dmquigg-spf at yahoo.com * *
* IC Design Engineer phone: USA 520-721-4583 * * *
* Analog Design Methodologies * * *
* 9320 East Mikelyn Lane * * *
* VRS Consulting, P.C. Tucson, Arizona 85710 *
************************************************************ *
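
The "SPF compiler" idea from the message above, as an added example that is not part of the original post: it turns the quoted rr.com record into the three compact forms and decodes the hex form back, so the authorised address set can be checked for equality after compaction. The `m=` notation is the poster's proposal, not a standardised format, and all function names here are assumptions of this example.

```python
import ipaddress

# rr.com's record as quoted in the message above.
RR_SPF = (
    "v=spf1 ip4:24.30.203.0/24 ip4:24.28.200.0/24 ip4:24.28.204.0/24 "
    "ip4:24.30.218.0/24 ip4:24.93.47.0/24 ip4:24.25.9.0/24 "
    "ip4:65.24.5.0/24 ip4:24.94.166.0/24 ip4:24.29.109.0/24 "
    "ip4:66.75.162.0/24 ip4:24.24.2.0/24 ip4:65.32.5.0/24 +mx ~all"
)

def parse_ip4(record):
    """Return the pass-qualified ip4 networks; mx, all, etc. are left out."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF1 record")
    nets = []
    for term in terms[1:]:
        body = term.lstrip("+").lower()  # "-ip4:" and "~ip4:" do not authorise
        if body.startswith("ip4:"):
            nets.append(ipaddress.ip_network(body[4:]))  # rejects host bits set
    return nets

def _octets(net):
    """Leading octets that the prefix length covers (3 for a /24)."""
    return net.network_address.packed[: (net.prefixlen + 7) // 8]

def compile_compact(nets):
    """Emit the three m= forms from the message (hypothetical notation)."""
    lengths = {n.prefixlen for n in nets}
    if len(lengths) != 1:
        raise ValueError("grouped forms need one common prefix length")
    plen = lengths.pop()
    dotted = [".".join(str(b) for b in _octets(n)) for n in nets]
    hexed = [_octets(n).hex() for n in nets]
    return (
        "m=" + ",".join(f"{d}/{plen}" for d in dotted),
        f"m={plen}({','.join(dotted)})",
        f"m={plen}({','.join(hexed)})",
    )

def expand_hex(form):
    """Decode the hex form back to networks, to check nothing was widened."""
    plen, _, body = form[2:].partition("(")
    nets = []
    for h in body.rstrip(")").split(","):
        packed = bytes.fromhex(h).ljust(4, b"\0")
        nets.append(ipaddress.IPv4Network((packed, int(plen))))
    return nets
```

For the quoted record the three forms come to 148, 116 and 89 characters against 234 for the original, and the decoded hex form equals the parsed `ip4:` set.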