
Re: [spf-discuss] Re: PermError: Too many DNS lookups at Microsoft.com

2006-05-06 21:30:39
----- Original Message -----
From: "Julian Mehnle" <julian(_at_)mehnle(_dot_)net>

Those two MUSTs are there for a reason.  A record is either valid or
not.  We can't have sort of, sometimes valid records.  Skipping MUSTs in
an RFC means you haven't implemented the RFC.

You are right.  We _should_ care whether receivers ignore the processing
limit, because it makes invalid records appear valid.  The more receivers
ignore the processing limit, the more domain owners will think that it
generally doesn't apply.

First, let's keep in mind an RFC is a recommendation.

IMO, an implementation can choose to do things differently as long as the
end result is not different.

The problem here is an artificial limit of 10. Why 10?  Was there a DNS
scientific study done that shows 10 is where critical bandwidth issues
begin?

I always felt the 20 limit for Recursion was too high and I pointed out  it
should be lowered.  So if there were any talk or discussions about lowering
this value,  I probably figured I didn't need to get involved since there
was "consensus" to lower it.  But I was thinking about the recursive limit.
Not just mechanism count.

I fail to see an artificial limit of 10, a SWAG (scientific wide ass
guess), that is based on lookup mechanism count, not redundancy where the
real DoS attack is possible.

End result?

A created an erroneous PERMERROR for the world's largest computer software
company in the world - love 'em or hate 'em - Microsoft and who else what
other large company using SPF.

If you call that good PR, then I'll be a monkey's uncle.

All this does is provide bashing feed to nay-sayers and the IETF people.

Now that we have an RFC for SPF, which is great.  We now need to get some
official BCP for it.   One of them would be to correct this SWAG 10 limit
and make it more based on redundancy and cache tracking.   Not Lookup
Mechanisms.

JMO

---
HLS
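
Added example, not part of the original message: a static audit that contrasts the two measures argued over in this thread, the count of DNS-querying terms (include, a, mx, ptr, exists and redirect, which RFC 4408 counts against the limit of 10) and the number of distinct DNS queries a caching resolver would actually send. The zone data and the names walk and audit are constructed for illustration; the count covers every reachable term (a worst case, since real evaluation stops at the first match) and does not model macro expansion or the follow-up address lookups for mx and ptr.

```python
import re

LIMIT = 10  # processing limit discussed in this thread
# Mechanisms that trigger a DNS query, with the record type queried.
LOOKUP_MECHS = {"include": "TXT", "a": "A", "mx": "MX", "ptr": "PTR", "exists": "A"}

# Constructed records for illustration only; not any real domain's policy.
ZONE = {
    "example.test": "v=spf1 include:_s1.example.test include:_s2.example.test "
                    "include:_s3.example.test mx -all",
    "_s1.example.test": "v=spf1 a:mx1.example.test include:_shared.example.test ~all",
    "_s2.example.test": "v=spf1 a:mx1.example.test include:_shared.example.test ~all",
    "_s3.example.test": "v=spf1 mx:example.test include:_shared.example.test ~all",
    "_shared.example.test": "v=spf1 a:mx1.example.test a:mx2.example.test -all",
}

def walk(domain, zone, queries, stack=()):
    """Count DNS-querying terms reachable from domain; record distinct queries."""
    if domain in stack:            # include loop: stop descending
        return 0
    count = 0
    for term in zone.get(domain, "").split()[1:]:   # skip the v=spf1 tag
        m = re.fullmatch(r"[+\-~?]?([a-z]+)(?:[:=]([^/\s]+))?(?:/.*)?", term.lower())
        if not m:
            continue               # ip4/ip6 and anything unparsed: no DNS query
        name, arg = m.group(1), m.group(2) or domain
        if name in LOOKUP_MECHS:
            qtype = LOOKUP_MECHS[name]
        elif name == "redirect":
            qtype = "TXT"
        else:
            continue               # all, exp: not counted
        count += 1                 # every occurrence counts, cached or not
        queries.add((qtype, arg))  # a cache would send each of these only once
        if qtype == "TXT":         # include/redirect: evaluate the target record
            count += walk(arg, zone, queries, stack + (domain,))
    return count

def audit(domain, zone=ZONE):
    queries = set()
    terms = walk(domain, zone, queries)
    return {"terms": terms, "distinct_queries": len(queries),
            "permerror": terms > LIMIT}

if __name__ == "__main__":
    print(audit("example.test"))
```

For the constructed zone the term count is 16, which is over the limit, while only 7 distinct queries would leave a caching resolver.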

