[Asrg] Re: A Technique for Universal Authentication
David Nicol wrote:
> BATV could declare a syntax to include in TXT records
Yes.
> SPF is too old by now to add features to
No, you can add "modifiers", stuff like batv=what.ever.syntax
New "mechanisms" as in batv:syntax.ever.what would require a
new version, in essence a new tag at the beginning of the TXT, as
in v=spf1 vs. spf2.0/pra.
> I believe (could be wrong) that it can co-exist in a TXT
> record with other things
Yes, a separate TXT or SPF record with its own tag. You'd be
limited by the q=txt (or q=spf) response, the complete set has
to fit, same idea as for q=mx and several MX records.
Reviving the old SES idea could be fully integrated into SPF,
it can use its exists: mechanism (for that the sender needs a
name server answering queries about wannabe SES/BATV local
parts, forged or valid). The BATV senders can identify valid
local parts (otherwise they couldn't reject bounces to forged
Return-Paths), but sharing that knowledge via DNS SPF exists:
with arbitrary receivers might be difficult... or interesting
for bad actors, how can they abuse this?
With mail it's probably a good idea to write all new protocols
directly for the main mail users, the spammers. With the less
frequent legit cases as (desired) side effects.
> there's some BCP that gets violated when you start mandating
> parts of names.
Maybe draft-iab-dns-choices-03.txt, but that's not yet a BCP.
The SRV records have name conventions, and IDNA uses xn-- and
reserves similar prefixes. I can't tell how mandatory that is,
maybe I'm still free to create a label xn--what-ever, or this
depends on the TLD. An interesting question... :-)
Frank
_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
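
The modifier/mechanism distinction discussed in the message above, as an added example that is not part of the original post or of any SPF implementation: a small classifier following the SPF specification's rules that unknown modifiers are ignored while unknown mechanisms are a permanent error. The TXT records, the example.org names and the _batv label are constructed; batv= and batv: are the hypothetical syntaxes from the thread.

```python
import re

MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
KNOWN_MODIFIERS = {"redirect", "exp"}
# modifier = name "=" value; a mechanism carries its argument after ":" or "/"
MODIFIER_RE = re.compile(r"^([A-Za-z][A-Za-z0-9._-]*)=(.*)$")
MECH_RE = re.compile(r"^[+\-~?]?([A-Za-z][A-Za-z0-9._-]*)(?:[:/](.*))?$")

# Constructed TXT answer set: an SPF record, a Sender ID record, an unrelated tag
TXT = [
    "v=spf1 mx exists:%{l}._batv.example.org batv=what.ever.syntax -all",
    "spf2.0/pra mx -all",
    "some-other-tag=constructed",
]

def select_spf1(txt_records):
    """Keep only records whose version tag is exactly v=spf1."""
    return [r for r in txt_records
            if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]

def classify(record):
    """Return (result, mechanisms, known_modifiers, ignored_modifiers)."""
    mechs, mods, ignored = [], {}, {}
    for term in record.split()[1:]:          # skip the version tag
        m = MODIFIER_RE.match(term)
        if m:                                # name=value: unknown names are ignored
            name, value = m.group(1).lower(), m.group(2)
            (mods if name in KNOWN_MODIFIERS else ignored)[name] = value
            continue
        m = MECH_RE.match(term)
        if not m or m.group(1).lower() not in MECHANISMS:
            return ("permerror", mechs, mods, ignored)   # unknown mechanism
        mechs.append(term)
    return ("ok", mechs, mods, ignored)

def evaluate(txt_records):
    """Other TXT records may coexist, but exactly one v=spf1 record is allowed."""
    spf = select_spf1(txt_records)
    if len(spf) != 1:
        return ("none" if not spf else "permerror", [], {}, {})
    return classify(spf[0])

if __name__ == "__main__":
    print(evaluate(TXT))
    print(classify("v=spf1 mx batv:syntax.ever.what -all"))
```

An existing v=spf1 evaluator therefore keeps working when a batv= modifier is published, but fails the whole record if a batv: mechanism appears under the same version tag.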