On Jan 21, 2004, at 5:58 PM, Tim Wilde wrote:
That's the case, alright; xmlns would require HTTP invocations for a
validating XML parser if I recall correctly. It's not a good plan
IMO.
You recall incorrectly. Namespaces, while identified by URIs do not,
in fact, make use of any resource or data stored at that URI.
And thus giving any spammer who wants to nullify SPF a perfect route
to do
so - now it's no longer distributed, all they have to do is DDoS the
server that hosts the DTD. Boom, all of SPF stops working, causes mail
servers to time out, admins to get paged, and code to get ripped out
with
the accompanying statements of "what a piece of worthless garbage".
This, and other concerns that XML will require HTTP fetches are
unfounded. They aren't required for namespaces (see above). The only
externally fetachable things that XML can specify are external DTDs and
Schemas - and, XML documents can always be parsed and processed without
them.
Lastly, on the crazy off-chance that some SPF processor wanted to
perform external DTDs or Schemas, these would be the DTD and Schemas
checks on the SPF records (highly unlikely), XML allows such external
documents to be permanently cached locally. Since the DTD and and
Schemas would be part of the SPF standard, these could hard coded in
any code that wants to use 'em.
Short answer: There is no way at all that any SPF processor would ever
need an external document.
- Mark
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡