Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt> (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard

Mark Andrews <marka@isc.org> Wed, 28 August 2013 14:52 UTC

To: S Moonesamy <sm+ietf@elandsys.com>
From: Mark Andrews <marka@isc.org>
References: <9884B9CD-0ED3-4D89-A100-58D05EA4BC98@gmail.com> <6.2.5.6.2.20130823234808.0b7cfed0@elandnews.com> <C5D75C5C-D468-4104-A478-0A055F43AED9@gmail.com> <6.2.5.6.2.20130826182352.0cac3298@elandnews.com> <330A924C-17DA-4082-92AD-FDB6EF09192A@hopcount.ca> <6.2.5.6.2.20130827090837.0d7b3e18@elandnews.com> <6.2.5.6.2.20130828044224.06ee3980@resistor.net>
Subject: Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt> (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard
In-reply-to: Your message of "Wed, 28 Aug 2013 05:24:48 -0700." <6.2.5.6.2.20130828044224.06ee3980@resistor.net>
Date: Thu, 29 Aug 2013 00:52:20 +1000
Message-Id: <20130828145220.93D4F38F1E0F@drugs.dv.isc.org>
Cc: ietf@ietf.org, bmanning@vacation.karoshi.com, Patrik Fältström <paf@frobbit.se>, mansaxel@besserwisser.org, Olafur Gudmundsson <ogud@ogud.com>

In message <6.2.5.6.2.20130828044224.06ee3980@resistor.net>, S Moonesamy writes:
> Hello,
> 
> It's difficult, some might say impossible, to get agreement on 
> draft-ietf-spfbis-4408bis.  I would like to ask each of you, and 
> anyone else, to provide your opinion about the following:
> 
> RFC 5507 primarily raises three concerns about TXT records:
> 
>    1.  The data in TXT is unstructured and subject to misinterpretation
>        by other applications.
> 
>    2.  Wildcard issues.
> 
>    3.  Size issues.
> 
> The draft addresses (3) by discussing size considerations, and 
> tangentially addresses (1) in Section 3.4.
> 
> I would like to ask everyone not to turn this into a debate by not 
> discussing the opinion stated by someone else.
> 
> Regards,
> S. Moonesamy (as document shepherd)

I would start by saying that the list of issues identified by RFC
5507 is not complete.  RFC 5507 addresses selection of data to be
returned by the nameserver.

It fails to address the issues of updating data in the server using
RFC 2136 + RFC 2845.  For prefix, suffix and new types this is
pretty straightforward as you have a <name,type,class> tuple that
is unique to the application and nameservers have access control
mechanisms that are designed to allow / disallow updates at this
level so you can hand out the ability to update records without
having unintended consequences.

When you place selectors inside records which have a shared purpose
you lose the ability to hand out selective update without risking
unintended consequences or you require nameserver vendors to develop
new access control mechanisms which work on the record contents in
addition to the <name,type,class> tuple.

You can't say delete all records of this type at this name then add
this replacement set in a single transaction.

It becomes read the data at the tuple, work out what to delete, send
an update message that selectively deletes then adds records.  This
introduces race conditions etc.

As for wildcards.  SPF is often used to say that names generated by
wildcards do not send email.  This essentially precludes the use
of a prefix.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
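
Added example, not part of the message above: a toy in-memory model of RFC 2136 update handling that contrasts a per-tuple grant on a dedicated type with read-modify-write on a shared TXT RRset. The Zone class, the key names, example.com and the record contents are constructed for illustration; "SPF" stands in for any application-specific type.

```python
# Toy model of RFC 2136 update semantics (constructed; no network, no real server).
class Zone:
    def __init__(self, acl):
        self.rrsets = {}   # (name, rrtype) -> set of rdata strings
        self.acl = acl     # key name -> set of (name, rrtype) tuples it may update

    def read(self, name, rrtype):
        return set(self.rrsets.get((name, rrtype), set()))

    def update(self, key, ops):
        """Apply one UPDATE message atomically; access is checked per tuple only."""
        for _, name, rrtype, _ in ops:
            if (name, rrtype) not in self.acl.get(key, set()):
                return "REFUSED"
        for op, name, rrtype, rdata in ops:
            rrset = self.rrsets.setdefault((name, rrtype), set())
            if op == "delete_rrset":
                rrset.clear()
            elif op == "delete_rr":
                rrset.discard(rdata)  # RFC 2136: deleting a missing RR is silently ignored
            elif op == "add":
                rrset.add(rdata)
        return "NOERROR"

def spf_records(zone, name, rrtype):
    return sorted(r for r in zone.read(name, rrtype) if r.startswith("v=spf1"))

def dedicated_type_demo():
    # The tuple belongs to one application: replace the set in one transaction.
    z = Zone({"spf-key": {("example.com", "SPF")}})
    z.rrsets[("example.com", "SPF")] = {"v=spf1 a -all"}
    z.rrsets[("example.com", "TXT")] = {"site-verification=abc"}
    rc = z.update("spf-key", [("delete_rrset", "example.com", "SPF", None),
                              ("add", "example.com", "SPF", "v=spf1 mx -all")])
    denied = z.update("spf-key", [("delete_rrset", "example.com", "TXT", None)])
    return rc, denied, spf_records(z, "example.com", "SPF"), z.read("example.com", "TXT")

def shared_txt_race_demo():
    # Shared TXT: both keys need the whole tuple, and each must read, then edit.
    z = Zone({"spf-a": {("example.com", "TXT")}, "spf-b": {("example.com", "TXT")}})
    z.rrsets[("example.com", "TXT")] = {"v=spf1 a -all", "site-verification=abc"}
    def plan(new):  # read the tuple, work out what to delete, build selective update
        old = spf_records(z, "example.com", "TXT")
        return ([("delete_rr", "example.com", "TXT", r) for r in old]
                + [("add", "example.com", "TXT", new)])
    plan_a = plan("v=spf1 mx -all")
    plan_b = plan("v=spf1 ip4:192.0.2.1 -all")  # B reads before A's update lands
    z.update("spf-a", plan_a)
    z.update("spf-b", plan_b)  # stale delete is a no-op, the add still applies
    return spf_records(z, "example.com", "TXT")  # two SPF records: SPF PermError
```

In the shared case the only grant available is the whole TXT tuple, so either key could also delete the unrelated site-verification record; an RFC 2136 prerequisite on the old record would turn the stale update into a failure but still leaves the client a read-and-retry loop.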