-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hector Santos wrote:
It has nothing to do with a interoperability issue but a "human SWAG"
artificial limit. Again, this is not a recursive issue where there was
a real security hole concern.
The real DoS concern isn't about recursion. Nobody cares about whether a
DNS lookup is done to execute an "include:" mechanism or an "a:"
mechanism.
The real concern are the "ptr:" and "mx:" mechanisms which count as only
one lookup each but can cause up to 11 lookups. We should have simply
limited the number of actual lookups performed instead.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEXcW3wL7PKlBZWjsRAuW7AJ4jIlg1S6U7Gx5iTarzkVhkCI/PWACg5lUF
4btHVUFFEyA89uc8aDJBzYk=
=2u5V
-----END PGP SIGNATURE-----
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com