spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: IPv6 / a+ip6 (Was: Re: New SPFv1 spec: draft-schlitt-spf-classic-01pre7)

2005-05-18 05:31:25
from [wayne] [Permanent Link] 
In 
<1116405418(_dot_)28969(_dot_)25(_dot_)camel(_at_)firenze(_dot_)zurich(_dot_)ibm(_dot_)com>
 Jeroen Massar <jeroen(_at_)unfix(_dot_)org> writes:


Section 5.3. "a", does this "ip address" include both IPv4, IPv6 and
maybe anything else that will come, aka thus this force SPF checkers to
check both A and AAAA at the moment?


Section 5. "Mechanism Definitions" says:

   When any mechanism fetches host addresses to compare with <ip>, when
   <ip> is an IPv4 address, A records are fetched, when <ip> is an IPv6
   address, AAAA records are fetched.  Even if the SMTP connection is
   via IPv6, an IPv4-mapped IPv6 IP address (see [RFC3513] section
   2.5.5) MUST still be considered an IPv4 address.

Is this clear enough, or does it need to be changed?



Section 5.6. "ip4" and "ip6", mentions:

8<--------------------
ip6-network      = <as per [RFC 3513], section 2.2>
          ; e.g. 2001:DB8::CD30
--------------------->8

Which would be ambigous imho, as you need to write:
"ip6:2001:db8::cd30", thus if somebody writes some silly parser,
simply cutting per ":", eg split first on space and then on ":",
which is indeed quite silly, would mess up this format.  Would it
not be better to write: "ip6:[2001:db8::cd30]/30", which is the IPv6
literal syntax (RFC2732). My silly ":" split argument goes for this
one too, but at least this should be a little less ambiguous when
reading as a human.


I don't think the current ABNF is ambiguous, but yeah, using the
square brackets might have been better.  Unfortunately, we didn't, and
the goal of this draft is to document what is, not what should be.



The 'a', thus defines a host address which is both IPv4 and IPv6, and
I am really wondering what happens if I setup my spf rules and send out
a mail over IPv6 outbound, and some SPF checker doesn't check the IPv6
address, sees that it's not the IPv4 address as mentioned in the SPF
rule, thus most likely dropping the mail...


I think this is answered by the above quote of the SPF spec.  If not,
let me know.



Maybe to put the question differently, what is the level of support
for IPv6 in the several SPF check tools?


Support for IPv6 is not widespread.  I know that libspf2 supports it,
and I think that Theo/George Schlossnagle's implementation supports it
have had IPv6 support for over a year and there may be others.  I
don't think the IPv6 stuff has been heavily tested, even with these
implementations.


-wayne
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Re: Canadian Task Force on Spam #1 Recommendation: Publish SPF records!, James Couzens
Next by Date:  RE: For SPF Council review - PASS Definition - was: People keep misunderstanding what "Pass" and "Neutral" mean, Scott Kitterman
Previous by Thread:  IPv6 / a+ip6 (Was: Re: New SPFv1 spec: draft-schlitt-spf-classic-01pre7), Jeroen Massar
Next by Thread:  Re: IPv6 / a+ip6 (Was: Re: New SPFv1 spec: draft-schlitt-spf-classic-01pre7), william(at)elan.net
Indexes:  [Date] [Thread] [Top] [All Lists]