spf-discuss

Re: -01pre5

2005-05-07 00:15:42
wayne wrote:

if you haven't bothered to make comments about the -00 draft
weeks ago, you really don't have much right to complain about
me releasing the -01 draft quickly.

I've reviewed -01pre2 nine weeks ago, and now -01pre5 up to line
631.  It's not about "complaining", it's about typos and minor
stuff before the "last call" and IESG review.

The "HELO PermError" found by Mark was interesting.  Or if you 
adopt Scott's "no include PermError" the Sendmail folks who've
apparently implemented the "include PermError" correctly might
get angry (see spf-help).
 
in -01pre4, this last sentence was changed to:
   In order to prevent the circumvention
   of SPF records, rejecting e-mail from invalid domains
   should be considered.

That's fine, no more 2119 keyword about this "receiver policy".

we say that Neutral MUST be treated the same as None.

In that case a 2119 MUST is okay, it's very important for all
involved parties to share a common understanding of NEUTRAL.

 [SPF policy != TXT policy]
I am very reluctant to change wording that was developed
and "blessed" by the high priests of DNS during the MARID
processes.

Yes, this list with old comments was for info. because Julian
also posted his old list (I didn't know his list, and v.v.).
Of course you already knew both lists, but nobody else here.

|  toplabel    = ALPHA / ALPHA *[ alphanum / "-" ] alphanum
  toplabel    = ALPHA [ *( alphanum / "-" ) alphanum ]
 
The "toplabel" definition was snarfed directly from any of
the following RFCs: rfc1738
[and many others]

Okay, my idea is still shorter (clearer?).  Please note that
2234(bis) recommends to use parentheses instead of the priority
concatenation before alternative.  That would result in:

  toplabel    = ALPHA / ( ALPHA *[ alphanum / "-" ] alphanum )

I think it would be best to keep the definitions consistent.

A matter of taste, I love to make syntax simple and "pretty".
Certainly nothing for the SPF Council, pick what you like. ;-)

 [SPF timeout] 
I know of no way of abusing the timeout.

IIRC (one of the last mxcomp articles) Doug Otis intended to
send all potential DNS queries for a sender policy at once,
instead of left to right.  Then he said "hundreds of pending
SPF DNS queries" once too often, but that's another story.

Implementing a protocol with its own timer(s) is more complex
than a protocol without timer(s) handling only timeout errors
of the underlying layer (here DNS).

I know that John Levine has created test SPF records that
can cause problems if there isn't a timeout.

That's something I missed, do you have an example ?  How is
this possible if you evaluate a policy left to right ?  Bye.
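
Added example, not part of the original message or of the draft: a brute-force check that the two "toplabel" spellings quoted above accept the same strings, so that the choice between them is purely one of notation. The regex translations, the function names and the three-character test alphabet are assumptions made for this illustration.

```python
import itertools
import re

# ABNF core rules, written as regex character classes.
ALPHA = "[A-Za-z]"
ALNUM = "[A-Za-z0-9]"   # alphanum = ALPHA / DIGIT

# toplabel = ALPHA / ALPHA *[ alphanum / "-" ] alphanum
# Concatenation binds tighter than "/", so this reads as
# ALPHA / ( ALPHA *[ alphanum / "-" ] alphanum ).
FORM_DRAFT = re.compile(rf"(?:{ALPHA}|{ALPHA}(?:(?:{ALNUM}|-)?)*{ALNUM})")

# toplabel = ALPHA [ *( alphanum / "-" ) alphanum ]
FORM_SHORT = re.compile(rf"{ALPHA}(?:(?:{ALNUM}|-)*{ALNUM})?")


def language(pattern, max_len=4, alphabet="a1-"):
    """Return every string over `alphabet` (constructed sample: one letter,
    one digit, the hyphen) of length 0..max_len that `pattern` accepts."""
    accepted = set()
    for n in range(max_len + 1):
        for chars in itertools.product(alphabet, repeat=n):
            candidate = "".join(chars)
            if pattern.fullmatch(candidate):
                accepted.add(candidate)
    return accepted


def forms_agree(max_len=5):
    """True if both spellings accept exactly the same strings up to max_len."""
    return language(FORM_DRAFT, max_len) == language(FORM_SHORT, max_len)


if __name__ == "__main__":
    print("forms agree:", forms_agree())
    # Labels either form rejects: leading digit, leading or trailing hyphen.
    for label in ("1a", "-a", "a-"):
        print(label, bool(FORM_SHORT.fullmatch(label)))
```

Both forms require a leading letter and forbid a trailing hyphen, which is the property a receiver's domain-spec parser has to enforce whichever spelling the draft keeps.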


