Issue 1382 (was: Re: [ietf-dkim] New Issue: New resource record type)
Stephen Farrell
stephen.farrell at cs.tcd.ie
Mon Oct 16 07:21:22 PDT 2006
Scott,
The last time we met we had this same issue wrt key records
with the result shown below (excerpted from [1]).
I don't personally know if SSP records are in any way different
from key records, but it does seem to be the case that there is
some general opposition to (re-)using TXT.
And we won't really be able to have the discussion with the DNS
folks (which will be necessary) until we have a concrete protocol
to discuss with 'em.
So I'd suggest that we leave this issue [2] open for now, and come
back to the topic when we've got a concrete protocol on which we
can base the discussion.
Does that sound ok for now?
Stephen.
[1] http://tools.ietf.org/wg/dkim/minutes?item=minutes66.html
[2] https://rt.psg.com/Ticket/Display.html?id=1382
"Bellovin on the DNS directorate issue: question about TXT vs other RR
for _domainkey. Spent 45 minutes at DNS directorate. Steve not chair,
but consensus. Quoting:
"The DNS directorate is unhappy with using TXT records this way. Some of
the reasoning is spelled out in draft-iab-dns-choices-03.txt. At the
least, a registry of _ names is needed, with provision for subtyping,
but subtyping RRs has long been known to be bad . In general, TXT
overloading can be likened to using HTTP as the universal transport
protocol; see RFC 3205 for why that's a bad idea.
A more specific problem for this situation is the issue of wildcards.
Briefly, you can't have a wildcard _domainkeys record; given that email
is the major place where wildcards are used, this is a serious issue."
DNSSEC signing records at least may be found below _domainkeys and other
RRs deliberately or by accident.
Olafur: If doc says "do not use wildcards" that'd be good. Proposes an
experiment to acquire a new type if the WG want to try that (a fast
process apparently).
Doug - eai may expand record as well as longer keys. Suggests that
alternative to TXT might be good for that.
Crocker: Question to Bellovin: Would DNS directorate assert a DISCUSS.
Bellovin: No-one said DISCUSS, but unhappiness. On the plus side, its a
special record and we don't have to contend with other TXT records.
Way forward: WG will only specify a TXT for keys for now."
More information about the ietf-dkim
mailing list