In <20040908020217(_dot_)GB23667(_at_)dumbo(_dot_)pobox(_dot_)com> Meng Weng
Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> writes:
On Tue, Sep 07, 2004 at 05:47:22PM -0700, Max Kanat-Alexander wrote:
|
| Is it OK to write 1.2.3/24, or MUST I write 1.2.3.0/24? It would be
| easier for implementation if the second form was required.
|
| My apologies if this has already been mentioned or discussed elsewhere.
I have the feeling that people are going to write the first
form, so we might as well require implementations to support
it. As long as it's not ambiguous, lazy is okay.
Similarly "ipv4" and "ipv6" being synonyms for "ip4" and
"ip6", and "a:1.2.3.4" being interpreted as "ip4:1.2.3.4".
That seems to happen rather often.
<rant>
Over the last year or so, Meng and I have gone around and around on
this issue. In general, Meng appears to be willing to let
implementations do whatever they want to try to fix up errors in SPF
records. I, on the other hand, think that it is very important to
have a consistent interpretation of an SPF record between
implementations.
I strongly believe that implementations MUST detect all syntax errors
and return PermError in such cases.
If we want to support these common deviations from the spec, I think
we should put them into the spec and have all implementations support
them.
This is email we are talking about, not some formatting of a web
page. I think it would be very bad to require ever implementation of
SPF/SenderID to know about weird voodoo magic that is needed to work
reliably the way web browers are required to know. I think SPF
records should be handled much more like a Java virtual machine, where
all errors are (in theory) detected and (in theory) all results are
the same everywhere.
I have submitted patches to require strict syntax checking. Neither
Meng nor Mark appear to be concerned about this issue and they control
the spec. I've pretty much given up on this issue. I suspect that
one day, someone will write up a big compatibility guide so that
publishers know what kind of stuff they can get away with, and
implementers will know what kind of bogus stuff will get thrown their
way that everyone else "does the right thing" with.
</rant>
For those who want to review the subject, here are a couple of posts
to the SPF-discuss mailing list:
http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200403/0424.html
http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200403/0428.html
http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200403/0441.html
-wayne