Another example where SPF syntax comes unstuck.
A domain uses S/MIME authentication in addition to IP-based auth. This
allows a mail message from a bank to display the logo of the bank in a
privileged part of the display by means of the X.509 logotypes extension.
The following information is needed:
* express statement 'all mail is signed'
* express the message digest of the signing certificate
* express the algorithm supported.
Now consider the following complications:
* Also support pgp message format
* express different signing policies 'mail signed when extension offered'
* handle the TLS protocol
* encryption
* different key distribution structures - web of trust, xkms, domain key
I don't think anyone can fairly claim that the SPF ad-hoc syntax is going to
cope with this. OK, you can define ad hoc extensions, but the number of
degrees of freedom is huge.
This is not a theoretical proposal. The use of signed mail is already under
serious discussion in anti-phishing forums.
One could argue that this should be handled by a separate record. But then
we are back to the two parsers option anyway.
It took me less than half an hour to write a schema for this application in
XML. I don't think anyone could claim to write a parser for a corresponding
SPF syntax in the same time.
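As an added illustration (not code from the post or any SPF project), the record and check below assume a hypothetical XML schema carrying the three fields listed above plus the 'signed when extension offered' policy and a list of message formats; the schema, element names and certificate bytes are all constructed for the example.

```python
# Added example: a minimal evaluator for a hypothetical XML mail-signing
# policy record of the kind sketched in the post. Schema is constructed.
import hashlib
import xml.etree.ElementTree as ET

# Constructed stand-in for the DER encoding of the domain's signing certificate.
SIGNER_CERT = b"constructed DER certificate of signer@example.com"

def cert_digest(cert_der: bytes, alg: str = "sha256") -> str:
    """Hex digest of a certificate, as it would be published in the record."""
    return hashlib.new(alg, cert_der).hexdigest()

# Constructed policy record. policy="always": all mail is signed;
# policy="extension": signed only when the receiver offered the extension.
POLICY_XML = f"""<mailpolicy domain="example.com">
  <signing policy="always"/>
  <cert alg="sha256" digest="{cert_digest(SIGNER_CERT)}"/>
  <format>smime</format>
  <format>pgp</format>
</mailpolicy>"""

def parse_policy(xml_text: str) -> dict:
    """Extract the fields the post lists from the (hypothetical) record."""
    # Records fetched from DNS are untrusted input; a hardened XML parser
    # should be used in production rather than the stdlib one.
    root = ET.fromstring(xml_text)
    cert = root.find("cert")
    return {
        "domain": root.get("domain"),
        "signing": root.find("signing").get("policy"),
        "alg": cert.get("alg"),
        "digest": cert.get("digest").lower(),
        "formats": {f.text for f in root.findall("format")},
    }

def evaluate(policy: dict, signed: bool, fmt, signer_cert, receiver_offered: bool):
    """Decide whether a received message complies with the sender's policy."""
    if not signed:
        if policy["signing"] == "always":
            return False, "policy requires a signature but message is unsigned"
        if policy["signing"] == "extension" and receiver_offered:
            return False, "extension was offered but message is unsigned"
        return True, "unsigned message permitted by policy"
    if fmt not in policy["formats"]:
        return False, f"format {fmt!r} not listed in policy"
    if hashlib.new(policy["alg"], signer_cert).hexdigest() != policy["digest"]:
        return False, "signer certificate digest does not match policy"
    return True, "signature bound to the published certificate"
```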