spf-discuss

Can somebody create a consolidated, incremental changelog? (was: changes since draft-lentczner-spf-00)

2005-05-08 10:37:39
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Wayne, thanks for collecting all those changelogs.

Someone (not me, and probably not Wayne) should create consolidated 
changelogs from each of the past major spec revisions (spf-draft-200406, 
draft-mengwong-spf-00, draft-mengwong-spf-01, draft-lentczner-spf-00, and 
draft-schlitt-spf-classic-00) to draft-schlitt-spf-classic-01.  Only 
significant changes in the protocol semantics should be mentioned.  These 
changelogs could probably be incremental for the most part.

This would be enormously helpful for authors of implementations based on 
one of those major spec revisions, who want to update their 
implementations, and also for other interested parties.

Could anyone please do that based on Wayne's collection of changelogs?

A few other things that occurred to me when reading Wayne's message:

Wayne Schlitt wrote:
> Roger Moser wrote:
>> 5.6  "ip4" and "ip6"
>>
>> Why is <dual-cidr-length> declared in this section? It is not used
>> here.
>
> <dual-cidr-length> wasn't mentioned anywhere else, and this looked
> like the best place to put it.

I had wondered about that before.  I think the <dual-cidr-length> 
definition (together with the <ip4/ip6-cidr-length> definitions) belongs 
in 5.3 where it is being used for the first time.

>> Domain literals are accepted and the SPF record of the PTR record is
>> examined.
>
> I don't understand what you mean by this.  Could you give an example?

For the record (I don't know whether this has been discussed before), I 
think he means if SPF is called with an identity of "n.n.n.n", this is 
taken as a dotted-quad IP(v4) address literal and a PTR lookup is 
performed, and the resulting domain name is then used as the identity for 
a real SPF check.

I find this to be _very_ problematic.  First, you cannot in general tell 
whether "n.n.n.n" is an IP address literal or a regular domain whose 
labels consist only of digits (which is generally valid, although there is 
currently no TLD that consists only of digits).  Second, the semantics of 
the above procedure are far from clear.

SPFv1 should not operate on address literals.

Generally, SPF records might very well be attached to domain names like 
"n.n.n.n.in-addr.arpa" or "...n.n.ip6.arpa", though, so as to enable 
MTA-Mark-style IP-address-bound policies.  This wouldn't be within the 
scope of SPFv1, though, because the identity being checked wouldn't be 
HELO or MAIL FROM, but an IP address.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCfk5kwL7PKlBZWjsRAl/4AKDhvzX/dhj9B4YGPndEMNsUe3gRjQCg1px6
gKRvY51Dw+GMUv+G6R2nAeE=
=9YnZ
-----END PGP SIGNATURE-----
