Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bis-19.txt> (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thursday, August 22, 2013 09:31:03 Mark Andrews wrote:
> In message <0c3746c3-dac1-471f-bd07-8faf20481337@xxxxxxxxxxxxxxxxx>, Scott 
Kitterman writes:
> > Mark Andrews <marka@xxxxxxx> wrote:
> > >In message <20130821214832.1C92538C0230@xxxxxxxxxxxxxxxx>, Mark Andrews
> > >
> > >writes:
> > >> > It's primarily an issue for applications.  To the DNS, it's exactly
> > >
> > >what it
> > >
> > >> > is, a TXT record.
> > >
> > >I can hand update of A and AAAA records to the machine.
> > >I can hand update of MX records to the mail adminstrator.
> > >I can hand update of SPF records to the mail adminstrator.
> > >I can hand update of TXT records to ??????
> > 
> > No one because it has multiple uses.  This is true whether SPF exists or
> > not.  SPF use of RRTYPE TXT for SPF records mak es that neither better
> > nor worse.
> > 
> > You could publish:
> > 
> > example.com IN TXT v=spf1 redirect=_spf.example.com
> > _spf.example. com IN TXT v=spf1 [actual content here]
> > 
> > Then delegate _spf.example.com to the mail administrator.  Problem solved.
> 
> No, it is NOT solved.  You have to trust *everyone* with the ability
> to update TXT not to remove / alter that record.  You can't give someone
> you don't trust the ability to update TXT.
> 
> With a published SPF record and SPF lookup first stopping on success
> or lookup failure (SERVFAIL) you can give update control of TXT to
> someone you don't trust enough to not remove / alter the SPF TXT
> record.
> 
> You keep telling us the TXT is just another record in the DNS.  Well
> the DNS is managed at the granuality of the TYPE.  4408bis is forcing
> sub-type management to be developed and deployed to maintain the
> status quo.  TXT is no longer "just another record in the DNS" with
> 4408bis as it currently stands.
> 
> And to Google your motto is "Do No Evil".  Publishing a TXT SPF record
> without publish a SPF SPF record is "Evil" as it encourages other to
> do the same.

Your goal seems to be pretty much the opposite of the task the working group 
was given.  You say so even more clearly here:

http://www.ietf.org/mail-archive/web/spfbis/current/msg03948.html

Unless you come with something new, I think I'm done.

Scott K
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]