It appears that Klaus Frank  <klaus.fr...@posteo.de> said:
>I wrote an I-D for updating DNS64 to better work for MTA operators. ...

I strongly oppose this ill-considered proposal.  For one thing, it is very
rare for people to try to run mail servers behind DNS64.  SPF is fifteen
years old, and this is the first time anyone has brought up this issue.

For another, trying to guess which TXT records are SPF records and
rewriting them on the fly is unreliable and dangerous. The rewritten
record would always be larger than the original. If the rewritten
string exceeds the size limit of a text string or txt record, then
what?

But most importantly, there is a simple and reliable way to deal with
this issue. When an SPF library recognizes a NAT64 address, which it
can easily do with the method in RFC 8880, it turns the address back
into the equivalent IPv4 address and uses that in the SPF validation.
This will always produce the correct result, and needs no change to
existing standards. Having worked on a few SPF libraries, I can say
these changes would not be hard for anyone with a modest familiarity
with the code.

We've explained this several times already, dunno why we have to do so again.

R's,
John



>Name:        draft-frank-dns64-spf-extension
>Revision:    03
>Title:        An Extension to DNS64 for Sender Policy Framework SPF Awareness
>Document date:    2022-02-14
>Group:        Individual Submission
>Pages:        6
>URL: https://www.ietf.org/archive/id/draft-frank-dns64-spf-extension-03.txt
>Status: https://datatracker.ietf.org/doc/draft-frank-dns64-spf-extension/
>Html: https://www.ietf.org/archive/id/draft-frank-dns64-spf-extension-03.html
>Htmlized: https://datatracker.ietf.org/doc/html/draft-frank-dns64-spf-extension
>Diff: https://www.ietf.org/rfcdiff?url2=draft-frank-dns64-spf-extension-03
>
>Abstract:
>    This document describes interoperability issues and resolutions
>    between DNS64 and SPF records for mail transfer agents.  This
>    document also aims to simplify the IPv6 migration for mail transfer
>    agent operators.
>
>    This document updates [RFC6147] and [RFC7208].


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
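
The approach described in the message above (recognize a NAT64 address and hand SPF the embedded IPv4 address), as an added example that is not part of the original message or of any SPF library. It assumes the local NAT64 prefix is learned from the AAAA answers for ipv4only.arpa (RFC 7050, RFC 8880) and that addresses use the RFC 6052 layouts; the function names are hypothetical and the sample addresses are constructed.

```python
import ipaddress

# Well-known IPv4 addresses of ipv4only.arpa (RFC 7050 / RFC 8880).
WKA = {ipaddress.IPv4Address("192.0.0.170"), ipaddress.IPv4Address("192.0.0.171")}
PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)  # RFC 6052 section 2.2


def extract_ipv4(addr6, plen):
    """Pull the embedded IPv4 address out of an RFC 6052 IPv6 address."""
    # The 32 bits follow the prefix; octet 8 (bits 64-71) is reserved and skipped.
    idx = [i for i in range(plen // 8, 16) if i != 8][:4]
    return ipaddress.IPv4Address(bytes(addr6.packed[i] for i in idx))


def discover_prefixes(aaaa_answers):
    """Derive NAT64 prefixes from the AAAA answers for ipv4only.arpa."""
    found = set()
    for text in aaaa_answers:
        addr6 = ipaddress.IPv6Address(text)
        for plen in PREFIX_LENGTHS:
            if extract_ipv4(addr6, plen) in WKA:
                found.add(ipaddress.IPv6Network((addr6, plen), strict=False))
    return found


def spf_client_ip(client, prefixes):
    """Return the address SPF should evaluate for this SMTP client."""
    ip = ipaddress.ip_address(client)
    if ip.version == 6:
        for net in prefixes:
            if ip in net:  # only translate inside the local NAT64 prefix
                return extract_ipv4(ip, net.prefixlen)
    return ip  # native IPv4 or native IPv6: unchanged


# Constructed sample data: synthesized answers as a DNS64 resolver would return.
SAMPLE_AAAA = ["64:ff9b::c000:aa", "64:ff9b::c000:ab"]
PREFIXES = discover_prefixes(SAMPLE_AAAA)

if __name__ == "__main__":
    for peer in ("64:ff9b::c633:6407", "2001:db8::25", "203.0.113.9"):
        print(peer, "->", spf_client_ip(peer, PREFIXES))
```

Translation is limited to prefixes learned from the receiver's own resolver, so an arbitrary IPv6 sender cannot pick which IPv4 address gets evaluated by embedding one in its source address.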
