
[spf-discuss] Re: [spf-council] Control of name service for the openspf.* domains

2006-07-26 18:05:35
On Wednesday 26 July 2006 20:09, Julian Mehnle wrote:
Council members,

a while ago there was a brief discussion about "control over the openspf
domain names" on spf-private, however only two council members expressed
their opinion and in the end no conclusions were drawn.

The issue at hand is how name service should be controlled for the
openspf.* domains.  The domains are currently owned and paid for by Wayne
(thanks, Wayne!), and their name service is managed by him through
GoDaddy's web interface.  That means that changes to the DNS zones can only
be made by Wayne.

Several months ago, in advance of said discussion on spf-private, Wayne was
mostly out of touch and was only corresponding with me privately and
sporadically, so the single point of failure was actually failing.  (I do
not blame him for that.)  Although Wayne is now back in action, I think
that control over the DNS zones should not be a SPoF in the first place and
that the council should have direct or indirect access at all times.

Two solutions have been brought up so far:

 A. I propose to move the domains' name service to a real name server that
    is under the control of at least two council delegates (see the
    resolution about delegation at [1]).  earbone.openspf.org (Wayne's machine)
    may be an option.  I can also offer to host the zones on my server.
    A primary+secondary name server setup would be required.

 B. Wayne proposed to create another GoDaddy account separate from his
    personal account and move the domains to that new account, the password
    for which would then be handed over to some/all council members, and
    the contact e-mail address of which would be set to
    <spf-private(_at_)v2(_dot_)listbox.com>.  The drawback, according to
    Wayne, would be that anyone
    with control over spf-private (i.e. all current and former council
    members, plus possible Listbox staff) could hijack the domains.

Instead of tabling this at a real-time council meeting, I hope to incite
discussion about it here, so council members please state your opinions!

References:
 1. http://www.schlitt.net/spf/spf-council/2005/06/15_irc_log.html#20050615T2216

A doesn't solve the problem of controlling delegation from the registrar 
though.  Wayne would still have exclusive control over which name servers 
controlled the domains.

For B, wouldn't someone still have to have the password to hijack the domains?  
The password could be reset and then distributed via e-mail or some secure 
means and not spf-private.  As I understand it, you need to have the
password and be able to receive mail from GoDaddy at the registered address
to change things significantly?

Scott K

  • [spf-discuss] Re: [spf-council] Control of name service for the openspf.* domains, Scott Kitterman <=