With no DNS hats I am against this proposal. Mr Levine did a fine summary I concur with.
tim
(again, no DNS hats)

On Mon, Feb 14, 2022 at 1:31 PM John Levine <jo...@taugh.com> wrote:

> It appears that Klaus Frank <klaus.fr...@posteo.de> said:
> >I wrote an I-D for updating DNS64 to better work for MTA operators. ...
>
> I strongly oppose this ill-considered proposal. For one thing, it is very
> rare for people to try to run mail servers behind DNS64. SPF is fifteen
> years old, and this is the first time anyone has brought up this issue.
>
> For another, trying to guess which TXT records are SPF records and
> rewriting them on the fly is unreliable and dangerous. The rewritten
> record would always be larger than the original. If the rewritten
> string exceeds the size limit of a text string or txt record, then
> what?
>
> But most importantly, there is a simple and reliable way to deal with
> this issue. When an SPF library recognizes a NAT64 address, which it
> can easily do with the method in RFC 8880, it turns the address back
> into the equivalent IPv4 address and uses that in the SPF validation.
> This will always produce the correct result, and needs no change to
> existing standards. Having worked on a few SPF libraries, I can say
> these changes would not be hard for anyone with a modest familiarity
> with the code.
>
> We've explained this several times already, dunno why we have to do so
> again.
>
> R's,
> John
>
> >Name:           draft-frank-dns64-spf-extension
> >Revision:       03
> >Title:          An Extension to DNS64 for Sender Policy Framework SPF Awareness
> >Document date:  2022-02-14
> >Group:          Individual Submission
> >Pages:          6
> >URL:            https://www.ietf.org/archive/id/draft-frank-dns64-spf-extension-03.txt
> >Status:         https://datatracker.ietf.org/doc/draft-frank-dns64-spf-extension/
> >Html:           https://www.ietf.org/archive/id/draft-frank-dns64-spf-extension-03.html
> >Htmlized:       https://datatracker.ietf.org/doc/html/draft-frank-dns64-spf-extension
> >Diff:           https://www.ietf.org/rfcdiff?url2=draft-frank-dns64-spf-extension-03
> >
> >Abstract:
> >   This document describes interoperability issues and resolutions
> >   between DNS64 and SPF records for mail transfer agents.  This
> >   document also aims to simplify the IPv6 migration for mail transfer
> >   agent operators.
> >
> >   This document updates [RFC6147] and [RFC7208].
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
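The un-mapping step described in the quoted message (recognize a NAT64 address, turn it back into the IPv4 address, and hand that to SPF), sketched in Python as an added example; it is not code from this thread, from the draft, or from any SPF library. The function names and sample addresses are constructed for illustration, and the address layout assumed is the IPv4-embedded format of RFC 6052, with the prefix learned from AAAA answers for ipv4only.arpa.

```python
import ipaddress

# Well-known IPv4 addresses of ipv4only.arpa (RFC 7050 / RFC 8880).
WKA = {ipaddress.IPv4Address("192.0.0.170"), ipaddress.IPv4Address("192.0.0.171")}
# Prefix lengths permitted for IPv4-embedded IPv6 addresses (RFC 6052).
PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)


def embedded_ipv4(addr, plen):
    """Return the IPv4 address embedded after a prefix of length plen."""
    raw = addr.packed
    # The four IPv4 octets follow the prefix; octet 8 (reserved "u" byte) is skipped.
    idx = [i for i in range(plen // 8, 16) if i != 8][:4]
    return ipaddress.IPv4Address(bytes(raw[i] for i in idx))


def discover_prefixes(aaaa_answers):
    """Derive NAT64 prefixes from the AAAA answers for ipv4only.arpa."""
    found = set()
    for text in aaaa_answers:
        addr = ipaddress.IPv6Address(text)
        for plen in PREFIX_LENGTHS:
            # A synthesized answer carries a well-known address at one valid offset.
            if embedded_ipv4(addr, plen) in WKA:
                found.add(ipaddress.ip_network(f"{addr}/{plen}", strict=False))
    return found


def spf_client_ip(client, prefixes):
    """Address to evaluate SPF against: the IPv4 original if client is NAT64-mapped."""
    addr = ipaddress.ip_address(client)
    if addr.version == 6:
        for net in prefixes:
            if addr in net:
                return embedded_ipv4(addr, net.prefixlen)
    return addr  # native IPv6 or IPv4 peers are passed through unchanged


if __name__ == "__main__":
    # Constructed AAAA answers, as a DNS64 resolver on the well-known prefix would return.
    prefixes = discover_prefixes(["64:ff9b::c000:aa", "64:ff9b::c000:ab"])
    for peer in ("64:ff9b::c633:6407", "2001:db8::1", "192.0.2.10"):
        print(peer, "->", spf_client_ip(peer, prefixes))
```

The prefix set should come from the receiving network's own resolver or configuration, since the mapping is only meaningful for prefixes that network routes to its NAT64 gateway.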