Subject: Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bis-19.txt> (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard
Date: Mon, Aug 19, 2013 at 03:59:50PM -0400

Quoting John R Levine (johnl@xxxxxxxxx):

> >>> * The charter disallows major protocol changes -- removing the SPF RR type
> >>> is a direct charter violation; since SPF is being used on the Internet.
> ...
>
> The SPF working group discussed this issue at painful, extensive length.
>
> As you saw when you read the WG archives, there is a significant
> interop bug in RFC 4408 in the handling of SPF and TXT records,
> which (again after painful and extensive discussion) we decided the
> least bad fix was to get rid of SPF records. I don't see anything
> in your note about how else you think we should address the interop
> bug.

It is in the archives, but for your convenience, and in haste:

SPF MUST be published. TXT MAY be published to help in migration. If both, they MUST align. [0]

The lookup order should be: ask for SPF; if not found, ask for TXT; if not found, return ANY. Long-term, one may disregard the TXT fallback. If TXT and SPF differ (and TXT happens to look like SPF syntax), assume that migration is in place, discard TXT and use SPF.

And before the whining on query rate starts: the amount of queries is presently uninteresting from a DNS operations perspective. It matters much less than the squatting on TXT. Besides, we've got caching in DNS, which scales very well.

Caching in itself does introduce some pits to fall in, especially regarding TTL in migration states. If deemed suitable, some recommendations on TTL can be discussed. These should however be limited to the unique situation that is trying to publish the same record twice. My naïve hunch is to either recommend publishing both with the same TTL, or possibly TXT with a significantly shorter one. The latter is probably only interesting in short-term migration states.
This discussion is however best had on the spfbis mailing list, after the -19 draft is sent back.

> In your case it doesn't matter, since your TXT and SPF records make
> no usable assertions, but a lot of people use SPF right now as part
> of their mail stream management.

Off-topic: they do make usable assertions. It is just that my email policy seems to differ from what you think prudent. I believe I'm free to have a differing policy. [1]

Praeterea censeo, Carthaginem esse delendam. (Furthermore, I am of the opinion that Carthage must be destroyed.)

-- 
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668
Don't hit me!! I'm in the Twilight Zone!!!

[0] Please note that my besserwisser.org records are SPF only. The fact that there is argumentation with a funny prefix in some TXT records is simply "some use" of TXT records.

[1] Mail from me should be authenticated by my PGP signature, not by whichever IP address happened to deliver it to your MX node.
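The lookup order proposed in the message above (SPF RR first, TXT only as a migration fallback, SPF wins when both exist and differ, non-SPF TXT records ignored) is written out below as an added example. It is not code from the original post or from any SPF implementation; it runs against a constructed in-memory resolver rather than real DNS, and the zone contents, domain names (RFC 2606 / 5737-style) and function names are all assumptions made for the illustration. The `check_alignment` helper is the publisher-side check for the "if both, they MUST align" rule; `select_spf_record` is the receiver-side lookup, including the "disregard the TXT fallback" switch.

```python
"""Receiver-side SPF record selection and publisher-side alignment check.

Added example implementing the lookup order proposed on the spfbis list:
  1. query the SPF RR type; if a usable record exists, use it and stop
  2. otherwise (and only while the TXT fallback is still enabled) query TXT
  3. otherwise there is no policy
A TXT record "looks like SPF" only if it starts with the v=spf1 version
section; anything else in TXT (the "funny prefix" records mentioned in
footnote [0]) is simply ignored.
"""
from typing import Dict, List, Optional, Tuple

SPF_VERSION = "v=spf1"


def is_spf_syntax(record: str) -> bool:
    """True if the record begins with the v=spf1 version section.

    The version section ends at a space or at end of record, so "v=spf10 ..."
    is not SPF syntax while "v=spf1" on its own is.
    """
    return record == SPF_VERSION or record.startswith(SPF_VERSION + " ")


class Resolver:
    """Constructed stand-in for DNS: (owner name, rrtype) -> list of rdata strings."""

    def __init__(self, zone: Dict[Tuple[str, str], List[str]]):
        self.zone = zone

    def query(self, name: str, rrtype: str) -> List[str]:
        return list(self.zone.get((name.lower(), rrtype), []))


def _single_spf(records: List[str], domain: str, rrtype: str) -> Optional[str]:
    """Filter to SPF-syntax records; more than one is ambiguous and rejected."""
    spf_like = [r for r in records if is_spf_syntax(r)]
    if len(spf_like) > 1:
        raise ValueError(f"{domain}: more than one SPF-syntax record in {rrtype}")
    return spf_like[0] if spf_like else None


def select_spf_record(resolver: Resolver, domain: str,
                      txt_fallback: bool = True) -> Tuple[Optional[str], Optional[str]]:
    """Return (source, record) with source "SPF" or "TXT", or (None, None)."""
    spf = _single_spf(resolver.query(domain, "SPF"), domain, "SPF")
    if spf is not None:
        return ("SPF", spf)        # SPF found: TXT is never consulted
    if not txt_fallback:
        return (None, None)        # long-term mode: no TXT fallback
    txt = _single_spf(resolver.query(domain, "TXT"), domain, "TXT")
    if txt is not None:
        return ("TXT", txt)
    return (None, None)


def check_alignment(resolver: Resolver, domain: str) -> str:
    """Publisher-side audit of the 'if both, they MUST align' rule.

    Returns one of: "none", "spf-only", "txt-only", "aligned", "mismatch".
    """
    spf = _single_spf(resolver.query(domain, "SPF"), domain, "SPF")
    txt = _single_spf(resolver.query(domain, "TXT"), domain, "TXT")
    if spf is None and txt is None:
        return "none"
    if txt is None:
        return "spf-only"
    if spf is None:
        return "txt-only"
    return "aligned" if spf == txt else "mismatch"


# Constructed zone data (assumed for the example, not real DNS contents).
DEMO_ZONE = {
    ("example.com", "SPF"): ["v=spf1 mx -all"],
    ("example.com", "TXT"): ["v=spf1 mx -all", "google-site-verification=abc"],
    # mid-migration: SPF already updated, TXT still carries the old policy
    ("migrating.example", "SPF"): ["v=spf1 ip4:192.0.2.0/24 -all"],
    ("migrating.example", "TXT"): ["v=spf1 ip4:198.51.100.0/24 -all"],
    # legacy publisher: TXT only
    ("legacy.example", "TXT"): ["v=spf1 a -all"],
    # SPF only, with unrelated TXT records that must be ignored
    ("spfonly.example", "SPF"): ["v=spf1 -all"],
    ("spfonly.example", "TXT"): ["x-argument=carthago delenda est", "v=spf10 not spf"],
    # misconfiguration: two SPF-syntax records of the same type
    ("broken.example", "SPF"): ["v=spf1 mx -all", "v=spf1 a -all"],
}
DEMO_RESOLVER = Resolver(DEMO_ZONE)

if __name__ == "__main__":
    for name in ("example.com", "migrating.example", "legacy.example",
                 "spfonly.example", "nothing.example"):
        print(name, select_spf_record(DEMO_RESOLVER, name),
              check_alignment(DEMO_RESOLVER, name))
```

Note that `migrating.example` resolves to the SPF-type record even though the TXT copy differs, which is exactly the "assume migration, discard TXT" behaviour the message asks for; a publisher running `check_alignment` would still see `mismatch` and is expected to fix it. With `txt_fallback=False` the TXT-only `legacy.example` has no policy at all, which is the long-term state the message sketches.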