On Tue, Jan 12, 2016 at 9:44 PM, Viktor Dukhovni <[email protected]> wrote:
>
> > On Jan 12, 2016, at 9:32 PM, John R Levine <[email protected]> wrote:
> >
> > They've appeared under transport names for the past 15 years, which means that people have expectations about how they're used which I would not casually ignore.
>
> And yet client identities are not really transport-specific.
>
> > There are a lot of other prefixed names floating around the DNS. If someone attempted to use a client name like _spf or _sip or _domainkey or _dmarc or _adsp or _vouch they and their users would experience an eternity of pain from name collisions.
>
> Only if there are TLSA records for those names.
>

Right.

Also recall that the proposed owner name is: _service.[client-domain-name]. So a zone operator can define client domain name structures in a way that can address any namespace collision issues they wish to avoid.

Presumably, an "_spf.device1.dept.example.com" TXT record would be about SPF rules pertaining to device1.dept.example.com, so there is likely not an issue with it co-existing with a client TLSA record at that same name.

--
Shumon Huque
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
