spf-discuss

Discovering the Method

2005-04-13 13:04:48
I've changed the Subject, since we are well off the topic of ID declaration.

At 03:31 PM 4/13/2005 -0400, Radu Hociung wrote:
> Dave Crocker wrote:
> > Radu wrote:
> > > I think you hit the nail on the head. Some common way for the recipient to
> > > know which of (CSV, SPF, DomainKeys, etc, etc) is available would be nice.
> > > Otherwise, the recipient is left "hunting", i.e., searching all places it
> > > knows about, on DNS or wherever.
> >
> > What MIME types does a recipient support?
> > What servers does a target host support?
> > With extremely few exceptions, Internet mechanisms do not support a
> > test-before-using model.
>
> If I read your reply correctly, you would support such an initiative which would advertise what else is available.
>
> I think what I call 'hunting' you call 'test-before-using'?
>
> In fact, for SPF I would suggest we set aside a whole modifier set for this purpose. Perhaps the modifiers that start with the character "o" can be used to designate "other" mechanisms. I.e. o{mechanism}=

Rather than have an SPF-specific way of specifying the authentication method, I would propose a general-purpose authentication query. One query to _AUTH.<domain> gets all the authentication information from a domain in summary form, including all methods the domain chooses to use, and as many parameters as they can squeeze into 450 bytes, a limit imposed by the 512-byte DNS message format.

Here is an example of a 339-byte authentication record for a large, complex domain, with many subdomains and thousands of servers all over the USA. This domain provides 3 authentication methods, QR1, SPF1 and DK2. These should be executed in the sequence shown. Parameters for each method are given later in the record, or (if a + follows the method name) in additional records.

meth=QR1,SPF1+5,DK2           ; maximum 5 additional queries for SPF1
QR1:ip=?170(24.30.203;24.28.200;24.28.204;24.30.218;24.93.47;24.25.9),
+4(65.24.5.120;24.94.166.28;24.29.109.84;66.75.162.68;24.24.2.12)
DK2:dk=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAKJ2lzDLZ8XlVambQfMXn3LRGKOD5
o6lMIgulclWjZwP56LRqdg5ZX15bhc/GsvW8xW/R5Sh1NnkJNyL/cqY1a+GzzL47t7EX
zVc+nRLWT1kwTvFNGIoAUsFUq+J6+OprwIDAQAB

For a more complete statement of this proposal see http://purl.net/net/macquigg/email draft-authent-interop-00.htm.

I'm not seeing the need to declare the method in any envelope information. A minimum of one DNS query will always be necessary, and that first query can state the methods.

--
Dave
************************************************************     *
* David MacQuigg, PhD      email:  dmquigg-spf at yahoo.com      *  *
* IC Design Engineer            phone:  USA 520-721-4583      *  *  *
* Analog Design Methodologies                                 *  *  *
*                                   9320 East Mikelyn Lane     * * *
* VRS Consulting, P.C.              Tucson, Arizona 85710        *
************************************************************ *

