spf-discuss
[Top] [All Lists]

Re: New SPFv1 spec: draft-schlitt-spf-classic-01pre6

2005-05-13 23:04:27
wayne wrote:

http://www.schlitt.net/spf/spf_classic/changes_from_draft-schlitt-spf-classic-00.xml.diff.txt

That appears to be a clean diff between -00 and -01pre6, thanks.
s/"eval, etc./"eval", etc./

* The infamous "NOT RECOMMENDED" sentence about using other identities
  with SPF records has been changed to a more descriptive paragraph.

Fine, never ever touch it again, unless it's in a discussion
with more than two IESG members.
 
* Received-SPF headers now have a scope= key-value pair

I don't like this, we certainly don't want a IANA registry of
scope values at this moment.  It would be much more interesting
to see _what_ has been tested, i.e, either envelope-from=... 
or helo=...  It's probably too late to fix this header field,
but one identity=... instead of helo= + envelope-from= + scope=
would be clearer.  Hell, they could even use it for their PRA.

s/contain malicious/contains malicious/ in this chapter.

Ugly like hell, this Received-SPF.  I'd limit all MUST, SHOULD,
etc. to cases where it's absolutely necessary to avoid havoc,

* A Cross-user Forgery section has been added to the Security
  Considerations.

Nice.  The RfC editor site says "2633 obsoleted by 3851".  Bye.