On Tue, Aug 20, 2013 at 12:14:21AM -0700, Dave Crocker wrote: > > And as long as I'm asking for more explanation, given the number of > years of use the construct has had and for the number of different > applications, where has the problem (whatever you mean specifically) > been seen? Quite apart from the DNSSEC example that Patrik sent, underscore labels also cause problems and confusion when aliases are involved. The alias stuff is a corner case, of course, but it's still a basic problem with the approach of specifying policy for a target name at a different name than the target itself. This trade-off might be a legitimate one (I certainly think it's preferable to the strategy SPF adopted, of stepping all over the TXT RRTYPE at a given name), but it won't do to dismiss the problem with a point-and-laugh argument. Best, A -- Andrew Sullivan ajs@xxxxxxxxxxxxxxxxxx