SPF competitor: DVP

Stuart wrote:

If SPF is turing complete, then a DOS attack could serve an SPF record
with a non-terminating, but non-looping program.  In that case, the fixed
limit of 20 levels should be mandatory.


No, not the levels should be limited, but the total number of includes and
redirects. If you allow a maximum level of 20, then the execution time could
be billions of years. For example:

a TXT "v=spf1 include:b.xyz.com include:b.xyz.com ..<10 includes>.. -all"
b TXT "v=spf1 include:a.xyz.com include:a.xyz.com ..<10 includes>.. -all"

Roger

<Prev in Thread]	Current Thread	[Next in Thread>
SPF competitor: DVP, Stuart D. Gathman Re: SPF competitor: DVP, Tony Finch Re: SPF competitor: DVP, Stuart D. Gathman SPF Turing completeness, Meng Weng Wong SPF competitor: DVP, Roger Moser <= SV: SPF competitor: DVP, Lars Dybdahl RE: SPF competitor: DVP, Jeremy Pullicino Re: SPF competitor: DVP, Meng Weng Wong RE: SPF competitor: DVP, Seth Goodman RE: SPF competitor: DVP, Stuart D. Gathman RE: SPF competitor: DVP, James Couzens RE: SPF competitor: DVP, Stuart D. Gathman RE: SPF competitor: DVP, David Brodbeck SV: SPF competitor: DVP, Lars Dybdahl Recursion limit of 20 include/redirects total, Meng Weng Wong

Previous by Date:	Re: "valid since" addition to SPF?, Daniel Quinlan
Next by Date:	Re: Re: "valid since" addition to SPF?, Alex van den Bogaerdt
Previous by Thread:	SPF Turing completeness, Meng Weng Wong
Next by Thread:	SV: SPF competitor: DVP, Lars Dybdahl
Indexes:	[Date] [Thread] [Top] [All Lists]