spf-discuss

Re: SPF competitor: DVP

2004-05-10 20:16:23
On Mon, 10 May 2004, Tony Finch wrote:

SPF needs to make the case that SPF interpretation is *not* Turing
complete, and has bounded execution in time and space.

I thought that (in the absence of the "processing limits" section in the
specification) SPF might be Turing complete. It supports general-purpose
recursion, it has conditional constructs, and it allows the argument to
the recursive call to be altered programmatically. However I haven't yet
managed to work out how to write a conditional that does anything useful.

Good point.  If SPF turns out to be Turing complete, then the spec should
require a recursion limit.  Otherwise, there is no way to bound time or
memory for interpreting an SPF record.  Currently, the spec allows
an implementation to check for recursive loops - or provide a fixed limit
of at least 20 levels.  If SPF is Turing complete, then a DoS attack
could serve an SPF record with a non-terminating, but non-looping
program.  In that case, the fixed limit of 20 levels should be mandatory.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
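
The difference between loop detection and a fixed recursion limit, as discussed in the message above, shown as an added example (not part of the original post and not taken from any SPF implementation). The zone contents, the `example.test` names, the `work_cap` safety stop and the function names are all constructed for illustration, and only `include:` terms are followed.

```python
MAX_DEPTH = 20  # the fixed limit of 20 levels mentioned in the message

def looping_zone(domain):
    """Constructed zone: two records that include each other."""
    return {"a.example.test": "v=spf1 include:b.example.test -all",
            "b.example.test": "v=spf1 include:a.example.test -all"}.get(domain)

def growing_zone(domain):
    """Constructed zone: n<k>.example.test includes n<k+1>.example.test,
    so no name ever repeats and the chain never ends."""
    label, _, rest = domain.partition(".")
    if rest == "example.test" and label[:1] == "n" and label[1:].isdigit():
        return f"v=spf1 include:n{int(label[1:]) + 1}.example.test -all"
    return None

def walk_includes(domain, lookup, max_depth=None, work_cap=2000):
    """Follow include: terms depth-first.

    Returns (outcome, lookups) where outcome is one of:
      "ok"          every chain ended
      "loop"        a name reappeared on its own include chain
      "depth-limit" a chain went deeper than max_depth levels
      "runaway"     work_cap lookups were spent without the walk ending
                    (work_cap is a stop for this demo, not an SPF rule)
    """
    lookups = 0
    stack = [(domain, (domain,))]  # (name to fetch, chain that led to it)
    while stack:
        name, path = stack.pop()
        if max_depth is not None and len(path) > max_depth:
            return "depth-limit", lookups
        if lookups >= work_cap:
            return "runaway", lookups
        lookups += 1
        record = lookup(name) or ""  # missing record: nothing to follow
        for term in record.split()[1:]:
            if term.startswith("include:"):
                target = term[len("include:"):]
                if target in path:  # loop detection alone catches this case
                    return "loop", lookups
                stack.append((target, path + (target,)))
    return "ok", lookups

if __name__ == "__main__":
    print(walk_includes("a.example.test", looping_zone))
    print(walk_includes("n0.example.test", growing_zone))
    print(walk_includes("n0.example.test", growing_zone, max_depth=MAX_DEPTH))
```

Loop detection stops the first zone after two lookups but never fires on the second, which only ends because of the demo's `work_cap`; with the depth limit the same zone is cut off after 20 lookups.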

