It appears that Paul Wouters <p...@nohats.ca> said:
>On Jul 17, 2023, at 14:12, John R Levine <jo...@taugh.com> wrote:
>>
>> In view of the wide use of DNSSEC and DoT and DoH, I think the argument that
>> triggering TCP is bad stopped being persuasive a while ago.
>(Don't we hope people sign the DNS responses with the tokens?)
>
>I’m sure there are still plenty of tools crafting dns packets or using
>simplistic tools that are not able to do TCP or DNSSEC.

I'm sure there used to be, but in 2023? Really? An example or two would be interesting.

>> The only somewhat plausible argument I see against stuffing the apex is that
>> if people are sloppy, they might invent tokens that could be
>> confused with each other. ...
>
>It’s literally what happened to me in the first week of my current $dayjob. I
>found 5 tokens that no one knew what they were, whom they were
>for and whether or not they were still needed.

Um, no. I believe you don't know what they were, but that doesn't mean anyone or anything thought that a token for A was a token for B.

Anyway, we agree that adding a bunch of extra stuff to SPF results is a bad idea and that's sufficient motivation to tell people to use _names for their tokens.

R's,
John

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
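
An added example, not part of the original message or the thread: a size estimate showing how verification tokens placed in the apex TXT RRset ride along with every SPF lookup and can push the answer past the plain-UDP limit, while one token under an underscore-prefixed name stays small. The domain names and token strings are constructed, and the 512-byte limit assumes a query without EDNS0.

```python
# Added example: lower-bound wire size of a DNS TXT answer (RFC 1035 layout,
# answer section only). All names and token values below are constructed.
PLAIN_UDP_LIMIT = 512  # max DNS/UDP payload when the query carries no EDNS0 OPT

def qname_len(name):
    """Uncompressed wire length of a domain name: length-prefixed labels + root."""
    return sum(1 + len(label) for label in name.rstrip(".").split(".")) + 1

def txt_rdata_len(text):
    """TXT RDATA: the text split into <=255-byte strings, each with a length byte."""
    n = len(text.encode("ascii"))
    return n + max(1, -(-n // 255))

def answer_size(qname, txts):
    """Header + question + one RR per TXT string (owner name compressed to 2 bytes)."""
    rr_fixed = 2 + 2 + 2 + 4 + 2  # name pointer, TYPE, CLASS, TTL, RDLENGTH
    return 12 + qname_len(qname) + 4 + sum(rr_fixed + txt_rdata_len(t) for t in txts)

def audit(qname, txts, limit=PLAIN_UDP_LIMIT):
    """What a client fetching TXT at qname (for SPF, say) has to receive."""
    size = answer_size(qname, txts)
    spf = [t for t in txts if t.lower().split(" ")[0] == "v=spf1"]
    return {"size": size, "spf": len(spf), "other": len(txts) - len(spf),
            "truncated_over_udp": size > limit}

SPF = "v=spf1 include:_spf.example.net -all"
TOKENS = [f"vendor{i}-domain-verification={'a' * 64}" for i in range(8)]

if __name__ == "__main__":
    # Apex with only the SPF record: small answer, fits in plain UDP.
    print("apex, SPF only      ", audit("example.com", [SPF]))
    # Apex stuffed with tokens: the SPF lookup now drags all of them along.
    print("apex, SPF + 8 tokens", audit("example.com", [SPF] + TOKENS))
    # Same token at an underscore-prefixed name: only its verifier asks for it.
    print("token under _name   ", audit("_vendor0.example.com", TOKENS[:1]))
```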