On Thu, Jun 24, 2004 at 04:41:14PM +0100, Roy Badami wrote:
|
| But, AIUI, CSV in it's current incarnation involves doing an SRV
| lookup on the domain name; how is this more heavyweight than doing a
| TXT lookup. CSV looks just as cacheable to me as SPF, but uses more
| compact records...
|
OK, speaking of CSV in its current incarnation, can anyone
give me a concrete example of how the
authentication/authorization procedure operates?
In SPF, authentication is simple: you do the SPF TXT lookup,
you get back the SPF TXT record, the computer thinks a bit,
and you get a well-defined PASS or FAIL or NEUTRAL, etc
response.
In CSV, http://www.jlc.net/MARID/CSV/draft-ietf-marid-csv-intro-00.html#anchor11
suggests that you do authentication by doing a A lookup of
the HELO name;
(if an SRV lookup against _client._smtp.DOMAIN returns "2",
AND
(the IP address of the SMTP client is one of the A records of the HELO name,
OR
the IP address of the SMTP client was returned in the SRV
response's Additional Data section,)
THEN that is equivalent to an SPF "PASS".
Is that correct?
I would request that the next draft of the CSV proposal
contain some examples and walkthroughs.