On Monday 07 Jun 2004 17:55, Michel Py wrote:
Stuart D. Gathman wrote:
Amen. I really like the idea of independent authentication "layers".
This is exactly why I supported the following suggestion that Tim made
some time ago:
Tim Meadowcroft wrote:
v=spf2 xml=http://www.schmerg.com/spf.xml mx -all
This way you get the best of both worlds - let the 'market(s)'
decide how much they want XML...
Your implementation can choose to ignore the xml string, the only extra
code required in the parser would be to understand that it's there and
jump to the old-style syntax.
and Stuart D. Gathman replied:
This makes SPF1 a prerequisite to using SPF2. By sticking with the
current _ep subdomain scheme for SPF2, the layers are more independent.
I do agree, however, that the XML data is too large for DNS and
ought to be fetched via TCP. However, the existing _ep format
can contain the link.
I've been away for a few days and then trying to catch up with the list (takes
a while!).
My argument was that SPF1 is already in use, so that's not too bad a
trade-off, and an SPF checker can decide not to read the full SPF1 options in
which case it just searches the record for /^v=spf2.*\s+xml=(\S+)/ in order
to find the location of the XML record.
This also makes SPF2 backwards compatible with SPF1 (but not CID), but doesn't
require an SPF2 implementation to understand all of SPF1 if it doesn't want
to.
An SPF "user" can choose to use or ignore the spf v1 syntax and/or the XML
record. Similarly, a publisher can choose to publish either or both records:
SPF but no XML record: v=spf2 mx -all
XML, no SPF: v=spf2 xml=http://www.schmerg.com/spf.xml
Both: v=spf2 xml=http://www.schmerg.com/spf.xml mx -all
A reader that doesn't find the type of record they want to use (raw SPF for
before DATA, XML for after DATA) presumes no record is published for that
bit.
But I see it all went quiet on my proposal after that. Presumably I was
missing something... but I thought it was a good way to AVOID forking SPF
(which I am dead set against - I'd drop interest in SPF if it forked, whereas
if it went XML-in-DNS I'd retain a skeptical interest).
Cheers
--
Tim
PS The eagle-eyed may notice schmerg.com doesn't publish SPF - does it
disqualify me from a discussion?? I would publish it if I could at the
moment....
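
An added example, not part of the original message: a sketch of the two kinds of reader the proposal describes, run over the three records quoted above. The function names are hypothetical, and the http/https scheme check on the URL is an assumption added here, not something the proposal specifies.

```python
import re
from urllib.parse import urlsplit

# Pattern quoted in the message: finds xml= without parsing the SPF1 terms.
XML_RE = re.compile(r"^v=spf2.*\s+xml=(\S+)")

def xml_location(txt):
    """Minimal reader: return the xml= value, or None if absent."""
    m = XML_RE.match(txt)
    return m.group(1) if m else None

def safe_xml_location(txt):
    """Assumed extra check (not in the proposal): the URL arrives via DNS,
    so accept only http/https with a host before any fetch is attempted."""
    url = xml_location(txt)
    if url is None:
        return None
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL, e.g. a broken bracketed host
        return None
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return url

def spf_terms(txt):
    """Old-style reader: skip the xml= term, keep the SPF1-style terms."""
    terms = txt.split()
    if not terms or terms[0] != "v=spf2":
        return []
    return [t for t in terms[1:] if not t.startswith("xml=")]

def published(txt):
    """What each kind of reader finds; a missing part means 'no record'."""
    return {"before_data": spf_terms(txt) or None,
            "after_data": safe_xml_location(txt)}

# The three records from the message, plus one constructed bad URL.
RECORDS = [
    "v=spf2 mx -all",
    "v=spf2 xml=http://www.schmerg.com/spf.xml",
    "v=spf2 xml=http://www.schmerg.com/spf.xml mx -all",
    "v=spf2 xml=ftp://example.invalid/spf.xml -all",  # constructed
]

if __name__ == "__main__":
    for record in RECORDS:
        print(record, "->", published(record))
```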