spf-discuss

ip6 mechanism + signing messages

2004-03-02 17:52:36
-----BEGIN PGP SIGNED MESSAGE-----

Hi,

http://spf.pobox.com/mechanisms.html#ip6 mentions
that "Could someone with IPv6 experience please provide some input?"

Basically for my domain, my SPF IPv4 DNS entry would be:

unfix.org. IN TXT "v=spf1 ip4:195.64.92.136 -all"

But as I require it to do IPv6 also it would become:

unfix.org. IN TXT "v=spf1 ip4:195.64.92.136 ip6:3ffe:8114:2000:240:290:27ff:fe24:c19f -all"

The IPv4 address has to be listed because my IPv4
provider doesn't make it able to change reverses.
For IPv6 that is no problem and I could also list
purgatory.unfix.org there, which is the same box.

Wellps the only thing I can say is that the above
is quite ambiguous for parsing and if SPF would
adapt RFC 2732 it would read:

unfix.org. IN TXT "v=spf1 ip4:195.64.92.136 ip6:[3ffe:8114:2000:240:290:27ff:fe24:c19f] -all"

Which is a bit more clear imho, or if you have
a netblock, using the example 2001:db8::/32
block, which you should use in documentation:
example.com. IN TXT "v=spf1 ip4:192.0.2.0/24 ip6:[2001:db8::/32] -all"

Tell me what it is going to be and I can start adding
the record to the domains I have access to ;)

On another note, to extend SPF wouldn't it be
a good feature to add something like:
example.com IN TXT "v=spf1 sig:sigserver.example.net"

The 'sigserver.example.net' box could then run
a whois like directory which contains PGP (or other)
signature methods just like the current pgp keyservers.
The advantage here though is that one knows for sure
that the key that is provided there has been put there
by the organisation running the DNS server.

Greets,
 Jeroen

RFC 2732 = Format for Literal IPv6 Addresses in URL's

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / http://unfix.org/~jeroen

iQA/AwUBQEUsUymqKFIzPnwjEQLgdQCfSO/ZrIJDumTVdsA7ckcjxvpKaScAoK0b
/4MziVH8dgmiAPm60HbMLVMb
=bKMF
-----END PGP SIGNATURE-----
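
Added example, not part of the original message and not code from any SPF implementation: a small Python parser for the ip4/ip6 terms of the records quoted above. It accepts both the bare ip6: form and the bracketed form proposed in the post, and splits each term on its first colon only, so the colons inside the IPv6 literal stay with the address. The function names are hypothetical; the sample records are the ones from the message.

```python
import ipaddress

# Sample records taken from the message above.
BARE = "v=spf1 ip4:195.64.92.136 ip6:3ffe:8114:2000:240:290:27ff:fe24:c19f -all"
BRACKETED = "v=spf1 ip4:195.64.92.136 ip6:[3ffe:8114:2000:240:290:27ff:fe24:c19f] -all"
NETBLOCK = "v=spf1 ip4:192.0.2.0/24 ip6:[2001:db8::/32] -all"

def parse_ip_mechanisms(record):
    """Return (qualifier, network) pairs for the ip4/ip6 terms of a record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    out = []
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        # Split on the FIRST colon only: everything after it is the address,
        # so the colons of an IPv6 literal are never treated as separators.
        name, sep, value = term.partition(":")
        name = name.lower()
        if name not in ("ip4", "ip6") or not sep:
            continue  # all, a, mx, include, ... are out of scope here
        # Tolerate the bracketed notation proposed in the post.
        if value.startswith("[") and value.endswith("]"):
            value = value[1:-1]
        # strict=False masks a host address with a prefix down to its network.
        net = ipaddress.ip_network(value, strict=False)
        if net.version != int(name[2]):
            raise ValueError(f"{name} term holds an IPv{net.version} address")
        out.append((qualifier, net))
    return out

def permitted(record, sender_ip):
    """True if sender_ip matches a '+' ip4/ip6 term of the record."""
    ip = ipaddress.ip_address(sender_ip)
    return any(q == "+" and ip.version == n.version and ip in n
               for q, n in parse_ip_mechanisms(record))

if __name__ == "__main__":
    for rec in (BARE, BRACKETED, NETBLOCK):
        print(parse_ip_mechanisms(rec))
```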

