On Tue, 2005-06-21 at 22:04 +0000, John Levine wrote:
First problem:
If we only permit one SRV record, the typical case takes one lookup,
the worst case is two. If we permit multiple SRV, hostile senders
can make lookups arbitrarily slow,
No. If we permit an infinite number of SRV records, then hostile senders
can make lookups arbitrarily slow. If we permit a maximum of N records,
then hostile senders can make lookups only N times as slow as they can
anyway.
e.g., what does your implementation
do with this?
_client._smtp.sl.services.net.
It takes about 20 seconds to say:
helo sl.services.net
550 CSV result: CSA records do not include 2001:8b0:10b:1::1
If you included only _one_ of those SRV records, then it'd still take a
few seconds.
If we permit multiple RRs, we'll have to add "too slow" heuristics
like SPF does. Blech.
If we permit an infinite number, we might. A limit could be imposed
which is larger than one, though.
Second problem:
What are the semantics of multiple SRVs? If they all have the same
numbers and they're all 1 2 0 or all 1 2 1, we probably agree that we
take the union of the addresses in the A records as the set of
authorized addresses. But what do all of the other permutations mean?
Some are obvious, others can be forbidden and result in an error. It
isn't particularly complicated.
--
dwmw2