On Tuesday, February 28, 2012 02:23:30 PM Doug Barton wrote:
> On 2/27/2012 5:56 PM, John Levine wrote:
> > The problem is provisioning software. We weenies can stuff anything
> > into our DNS servers we want, because we use vi and emacs and (in my
> > case) custom perl scripts. For the other 99.5% of the world, what
> > they can put in their DNS zones is limited to whatever the web
> > provisioning software at their registrar or ISP or web host supports,
> > and I challenge you to find any that supports SPF records.
>
> I have been both the author and a consumer of the types of interfaces
> that you're describing, and I had a very peripheral role in the work to
> evangelize interface support for new TLDs, IPv6, and DNSSEC; so I'm
> familiar with the issue. My experience with these issues tells me that
> when there is demand to support a new RRtype, it will be supported.
>
> So, once again, we need to learn from the mistakes that were made with
> SPF. Here is how life goes in most busy enterprise environments:
>
> Intelligent sysadmin: We need to deploy SPF
> Boss: How does it work?
> I: Well, eventually it will have its own DNS RR, but for now it works
> with TXT records
> B: Ok, put those TXT records in
> <time passes>
> I: It's now possible to use SPF RRs for SPF, so I need to make some
> changes, do some testing, etc.
> B: Are the TXT records working now?
> I: Well yes, but ...
> B: We have more important priorities that I need you to spend your time
> on, leave the thing that's working alone.
>
> Or, put more simply, your conclusion seems to be that we can never add
> new RRs. Given that adding new RRs is crucial to the growth of the
> Internet, I reject that conclusion completely.

Here is a suggestion for those who are convinced using a new RR type in getting a new protocol deployed is now trivially easy and people who don't want to do it are lazy/whiners/ignorant/whatever:

A few weeks ago a new effort was announced in the mail authentication space called DMARC (see dmarc.org). It's a brand new protocol that so far has minimal deployment. It currently uses an underscored TXT subdomain, but it should be an ideal candidate for a new RR.

Why don't you volunteer to help them navigate through what needs to be done to succeed in getting deployment with a new RR type? If you can manage it, that'll be the existence proof that it can be done.

Scott K

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf