> On Aug 9, 2017, at 8:05 PM, Daniel Margolis <dmargo...@google.com> wrote:
> 1. Publish a new policy (as with any new policy, updating the TXT record's 
> ID) with mode=none. 
> 2. After all pre-existing policies have expired (e.g. the time of step 1 plus 
> the existing policy's max_age), safely remove the TXT record and current 
> policy.

One corner of the problem space we did not consider:

  * I'd like to be able to delete the "none" policy promptly, by noticing
    a removed TXT record.

  * So it would be nice to be able to remove the TXT record promptly.

  * However, you're suggesting that policy refresh should not happen
    when the TXT record is absent.

  * This implies that the TXT record removal must wait until everyone's
    max_age has expired.

  * Consequently "none" policies will linger in caches needlessly long.

If instead NXDOMAIN/NODATA triggers a policy refresh (new logically
empty id) then senders can flush "none" policies as soon as they
also see the TXT record deleted, and that deletion can reduce the
number of required DNS changes.  Instead of modifying the TXT to
trigger refresh and later deleting it, it can be deleted right

The only complication is that deleted TXT is then, for senders with
a cached policy other than none, just another TXT value (NULL if
using a SQL database or similar) that triggers refresh and cached
policies can then have a NULL id, but a "none" policy with a NULL
id can be deleted right away.

Please think it over...
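As an added illustration of the refresh rule proposed in this message (not code from the thread or from any MTA-STS implementation), a small Python model of a sender's policy cache in which an absent TXT record (NXDOMAIN/NODATA) counts as a NULL id that triggers a refresh like any other id change; the domain name, ids, times and fetch results are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

@dataclass
class CachedPolicy:
    id: Optional[str]    # id from the TXT record; None ("NULL") once the TXT record is gone
    mode: str            # "none", "testing" or "enforce"
    expires_at: int      # time at which the policy's max_age runs out

Fetcher = Callable[[str], Optional[CachedPolicy]]  # HTTPS policy fetch; None on failure

def refresh_policy(cache: Dict[str, CachedPolicy], domain: str, now: int,
                   txt_id: Optional[str], fetch: Fetcher) -> str:
    """One sender-side cache check. txt_id is the id from the TXT record, or None
    for NXDOMAIN/NODATA, which is treated as a new (empty) id. Returns the action."""
    cached = cache.get(domain)
    if cached is not None and now >= cached.expires_at:
        del cache[domain]                      # max_age passed: ordinary expiry
        cached = None
    if cached is not None and txt_id == cached.id:
        return "cached"                        # id unchanged (NULL == NULL too)
    if cached is None and txt_id is None:
        return "no-policy"                     # nothing cached, nothing announced
    fresh = fetch(domain)                      # any id change triggers a refresh
    if fresh is None:
        return "kept-stale" if cached else "fetch-failed"  # keep old one until max_age
    fresh.id = txt_id
    if txt_id is None and fresh.mode == "none":
        cache.pop(domain, None)                # "none" policy with NULL id: delete now
        return "deleted-none"
    cache[domain] = fresh                      # other policies may carry a NULL id
    return "refreshed"

def simulate_decommission() -> List[str]:
    """Constructed walk-through: the domain publishes mode=none under a new id,
    then deletes the TXT record, and the sender drops the "none" policy at once."""
    cache: Dict[str, CachedPolicy] = {}
    steps = [
        (0, "1", lambda d: CachedPolicy(None, "enforce", 1000)),  # enforce policy seen
        (10, "2", lambda d: CachedPolicy(None, "none", 2000)),    # step 1: mode=none
        (20, None, lambda d: CachedPolicy(None, "none", 2000)),   # TXT deleted
        (30, None, lambda d: None),                               # nothing left to do
    ]
    return [refresh_policy(cache, "example.com", now, tid, f) for now, tid, f in steps]
```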

Uta mailing list