spf-discuss

RE: Suspicious:RE: version strings

2004-01-29 13:09:30
James Couzens wrote:
I think this syntax is perfect.  As long as the spec states that the
version must come between the "v=" and whitespace, we shouldn't
have any problems.  The + modifier to the end to indicate
experimental extensions is adequate and concise.  The only
alternative to "+" I could think of would perhaps be "x" or ".x".

Is this really that much of an issue that we need to bother?  As you
mentioned, look how far POP made it..  SPF1 isn't even final yet, and
as such I can't see how there are any problems.  Once it's locked down
that should be it.

This is exactly why I think we would not need a major.minor style
version number, and why a simple modifier to indicate that the record is
not actually spf1 but spf1 with experimental extensions makes a lot of
sense.  It not only provides you with explicit declaration of the
version you are publishing records for, but also provides a "testing
ground" for each version for extensions that may be included in the next
version.  I can't think of any other cases where we would need to
differentiate domains with multiple SPF records.  I really don't expect
SPF to get past version 2, and version 2 will most likely be minor
changes to version 1, with perhaps a few new extensions defined that we
will find out later are extremely useful or needed.

With libspf, if a parsing error occurs, currently the entire parse is
tossed in the crapper and UNKNOWN is returned, although I've been
meaning to bring up my desire to have this changed to ERROR or, with
the recent re-addition of SOFTFAIL, using that instead.

I think this behavior is appropriate.  If you have defined your record
as being "spf1", and you have a mechanism or extension that is not in
the version 1 spec (not to mention an actual syntax error), that is
indeed an error.  SPF records need to be interpreted as explicitly
defined policy, not open to arbitrary interpretation of what the
interpreter thinks the publisher /might have/ meant.  This is why I like
the + modifier to the version to indicate that the record may contain
something that is NOT defined in version 1.  If you define your SPF
record as "spf1+", your tools will make use of this as will any other
peers you are testing your new mechanisms/extensions with, and if the
extensions you're testing end up being useful, hopefully they will make it
into spf2.

---
Dustin D. Trammell
Vulnerability Remediation Alchemist
Citadel Security Software, Inc.

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/HomePage
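
An added illustration of the proposal discussed in this message (not code from libspf or from anyone on the list): a strict parser that reads the version token between "v=" and the first whitespace, treats a trailing "+" as the experimental marker, and rejects undefined terms in plain "spf1" records. The `classify` function, the result strings, the known-term subset, the `geo` mechanism and the choice to carry unknown terms through for "spf1+" are assumptions made for the example.

```python
import re

# Terms treated as "defined in version 1" for this sketch (assumption: an
# illustrative subset, not copied from any particular draft).
KNOWN_V1 = {"a", "mx", "ptr", "ip4", "ip6", "include", "exists", "all",
            "redirect", "exp"}

# The version is everything between "v=" and the first whitespace; an
# optional trailing "+" marks a record with experimental extensions.
VERSION_RE = re.compile(r"^v=spf(\d+)(\+?)$")
# Optional qualifier, a name, then an optional ":", "=" or "/" argument.
TERM_RE = re.compile(r"^[+\-~?]?([A-Za-z][A-Za-z0-9._-]*)(?:[:=/].*)?$")


def classify(record):
    """Return (status, version, experimental, offending_or_unknown_terms)."""
    tokens = record.split()
    m = VERSION_RE.match(tokens[0]) if tokens else None
    if m is None:
        return ("ERROR", None, False, [])      # no well-formed version token
    version, experimental = int(m.group(1)), m.group(2) == "+"
    if version != 1:
        return ("UNSUPPORTED", version, experimental, [])
    unknown = []
    for term in tokens[1:]:
        t = TERM_RE.match(term)
        if t is None:
            # A genuine syntax error is fatal even in an experimental record.
            return ("ERROR", version, experimental, [term])
        name = t.group(1).lower()
        if name not in KNOWN_V1:
            unknown.append(name)
    if unknown and not experimental:
        # Plain "spf1" is explicit policy: nothing outside the spec is guessed at.
        return ("ERROR", version, experimental, unknown)
    return ("OK", version, experimental, unknown)


if __name__ == "__main__":
    # Constructed sample records; "geo" is a made-up experimental mechanism.
    for rec in ("v=spf1 mx ip4:192.0.2.0/24 -all",
                "v=spf1 mx geo:eu -all",
                "v=spf1+ mx geo:eu -all",
                "v=spf1+all",      # "+" fused to a term: not a version token
                "v=spf1 +all"):    # "+" as a qualifier after whitespace
        print(f"{rec!r:40} -> {classify(rec)}")
```

The last two sample records show why the whitespace rule matters: the same "+" character is a version marker in one position and a mechanism qualifier in the other.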

