>Also recall that the proposed owner name is: _service.[client-domain-name].
>So a zone operator can define client domain name structures in a way that
>can address any namespace collision issues they wish to avoid. Presumably,
>an "_spf.device1.dept.example.com" TXT record would be about SPF rules
>pertaining to device1.dept.example.com, so there is likely not an issue with
>it co-existing with a client TLSA record at that same name.

I admire the faith you have in DNS operators, but find it baffling. For a lot of the ones I know, their heads would explode at having to mix TXT SPF records for the incoming mail and TLSA for the outgoing mail at the same names in the same zone files. They'd probably try to kludge it with CNAME and break everything.

We already have a managed service namespace, which you can use with trivial ease as _<service>._client._tcp.<domain>. But I'm hearing no, to save 12 characters in the domain name, and 12 lines of code in the clients, we'll tell people to make up random prefixed names and when the collisions inevitably happen, it won't be our problem.

R's,
John

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
