spf-discuss

Re: mail administrator certification example

2004-07-30 09:54:47
I did not make the rule for the notation. That is part of the binary number
system. The total space is the 32 bit octal address space. Therefore there
are certain mathematical restrictions imposed by both the binary and octal
notation. The /xx defines that as some power of 2: a /24 is 2 to the 8th
power, or 256; a /25 is 2 to the 7th, etc.

The range is calculated by the mathematical operators or, and, xor and the
nor operators. The number must be represented in binary format of 0 and 1.

It does appear that the RFC implies that a /24 on a non-boundary is
acceptable and from that I say it is doomed.

As I said, all mail servers have a router built into the mail server and
without writing a separate whole new set of rules for every situation that
may occur and do not adhere to basic mathematical principles the usefulness
of these notations is worthless. The overhead to process such variations
from basic mathematics will severely load the server and make SPF a useless
idea.



----- Original Message ----- 
From: "Paul Howarth" <paul(_at_)city-fan(_dot_)org>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Friday, July 30, 2004 12:03 PM
Subject: Re: [spf-discuss] mail administrator certification example


John Keown wrote:
----- Original Message ----- 
From: "Paul Howarth" <paul(_at_)city-fan(_dot_)org>
Supposing there were DNS records:

smtp.example.com. A 192.168.1.1
mx.example.com. A 192.168.1.19
example.com. MX mx.example.com.
example.com. TXT "v=spf1 a:smtp.example.com/28 mx -all"


That would violate IP address notation and if SPF accepts your example then

Which example, the one above, which is remarkably similar to the example
given in section 2.1 of the SPF spec at
http://spf.pobox.com/spf-draft-200406.txt, or the one using only ip4
mechanisms, which was similar to the one you were originally complaining
about?

SPF NEEDS to be fixed before one has to re-write all routing tables and
routers on the internet.

If SPF supports a wider range of syntax than some routers, what is the
problem? Nobody is suggesting that all routers be upgraded to handle
SPF-style syntax. What have routers got to do with SPF?

What I am saying is xxx.yyy.zzz.1/24 does not conform to ip4 address space

A /24 means the first 24 bits are always the same and only the last 8 bits
can change.

A /25 means only the last 7 bits can change in the range and the first 25
bits are the same.
A /26 means the first 26 bits are the same and only the last 6 bits can
change.

Now in all the above definitions the only way the /x will work is if all
the starting points of the octal notation are on a boundary. If it is not on
a boundary then with a /24 the first 24 bits cannot remain constant.



Having poked around the RFCs using Google, I'm unable to find a definitive
statement of what CIDR notation for IPv4 actually is (though I can for
IPv6 - RFC 2373 - but even that doesn't clearly say whether non-zero digits
beyond the prefix are forbidden or not).

and has no meaning. Now if we want to change the rules then we need to do
that.

Yes it does. The bit after the slash is called the "prefix length". So you
take the leftmost prefix length bits and compare those and only those.
Anything beyond the prefix length is ignored. Simple.

Paul.
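
The prefix-length comparison described above, applied to the example records quoted in this thread. This is an added example, not code from either poster or from any SPF implementation. The function names are hypothetical, and the hard-coded tables stand in for real DNS lookups.

```python
import ipaddress

# DNS data copied from the example records quoted in the thread.
A_RECORDS = {"smtp.example.com": "192.168.1.1", "mx.example.com": "192.168.1.19"}
MX_RECORDS = {"example.com": ["mx.example.com"]}


def prefix_match(client_ip, addr, prefix_len=32):
    """Compare only the leftmost prefix_len bits; bits past the prefix are ignored."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("IPv4 prefix length must be 0..32")
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    client = int(ipaddress.IPv4Address(client_ip))
    base = int(ipaddress.IPv4Address(addr))
    return (client & mask) == (base & mask)


def on_boundary(addr, prefix_len):
    """True when addr has no bits set past the prefix (strict network notation)."""
    try:
        ipaddress.ip_network(f"{addr}/{prefix_len}", strict=True)
        return True
    except ValueError:
        return False


def covered_range(addr, prefix_len):
    """First and last address matched once the bits past the prefix are masked off."""
    net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
    return str(net.network_address), str(net.broadcast_address)


def check(client_ip, domain="example.com"):
    """Evaluate 'v=spf1 a:smtp.example.com/28 mx -all' for client_ip."""
    if prefix_match(client_ip, A_RECORDS["smtp.example.com"], 28):
        return "pass"  # matched a:smtp.example.com/28
    for host in MX_RECORDS[domain]:
        if prefix_match(client_ip, A_RECORDS[host], 32):
            return "pass"  # matched mx (exact address)
    return "fail"  # fell through to -all


if __name__ == "__main__":
    print(on_boundary("192.168.1.1", 28), covered_range("192.168.1.1", 28))
    for ip in ("192.168.1.14", "192.168.1.16", "192.168.1.19"):
        print(ip, check(ip))
```
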

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/