spf-discuss

IPv4/IPv6 address handling in the SPF specification

2005-06-27 09:00:29
Hi all.

I wrote:
Hacking Mail::SPF::Query (Tuesday Afternoon)
--------------------------------------------
[...]
Then we pulled out our laptops and Shevek set up a temporary Subversion
repo so we could start hacking on the new M:S:Q (which will be called
Mail::SPF, by the way) right away.  Suffering from the Hilton's
extraordinarily bad WLAN connectivity, we hacked for a few hours and found a
number of vaguenesses and ambiguities in the draft-schlitt-spf-classic-02
specification, most notably the IPv4/IPv6 address handling (I'm going to
expand on that, too, later). 

Ok, here's what it's about:

draft-schlitt-spf-classic-02 says:

| 5.  Mechanism Definitions
| 
|    [...]
| 
|    When any mechanism fetches host addresses to compare with <ip>, when
|    <ip> is an IPv4 address, A records are fetched, when <ip> is an IPv6
|    address, AAAA records are fetched.  Even if the SMTP connection is
|    via IPv6, an IPv4-mapped IPv6 IP address (see [RFC3513] section
|    2.5.5) MUST still be considered an IPv4 address.

This is technically correct, but slightly unclear with regard to how 
implementations should go about handling IPv4 and IPv6 addresses.

Now what Shevek and I have come up with is that it is probably best for 
implementations that support IPv6 to _always_ operate on IPv6 addresses 
internally, i.e. to convert any IPv4 addresses to IPv4-mapped IPv6 ones.  
For instance, an incoming IPv4 connection from the address 1.2.3.4 would 
be converted to ::ffff:1.2.3.4 (AKA 0:0:0:0:0:ffff:0102:0304).

This doesn't match the letter of the spec, but it really is what the spec 
means, and it is a lot easier to understand from an implementor's POV.  So 
I'd like to suggest that if we do another iteration of the specification, 
we change the current above paragraph to read:

|    When any mechanism fetches host addresses to compare with <ip>, when
|    <ip> is an IPv4 address, A records are fetched, when <ip> is an IPv6
|    address, AAAA records are fetched.  If the SPF client supports IPv6,
|    it is recommended that it internally operates on IPv6 addresses only,
|    and that it converts any IPv4 addresses to IPv4-mapped IPv6 addresses
|    (::ffff:n.n.n.n, see [RFC3513] section 2.5.5).  However, the client
|    still needs to match ::ffff:n.n.n.n addresses against IPv4 addresses.

Any comments?
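The handling proposed in the message above, sketched as an added example (Python, not code from the original post or from Mail::SPF): the client address is always held as an IPv6 address, the A/AAAA choice is derived from whether it is IPv4-mapped, and ip4 networks are lifted into ::ffff:0:0/96 for comparison. All function names are hypothetical, the addresses are constructed samples, and the rule that an ip6 mechanism never matches an IPv4-mapped client is an assumption drawn from the quoted "MUST still be considered an IPv4 address" wording.

```python
import ipaddress

def normalize(ip_text):
    """Hold every client address as IPv6; 1.2.3.4 becomes ::ffff:1.2.3.4."""
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 4:
        return ipaddress.IPv6Address("::ffff:" + str(ip))
    return ip

def rr_type(client):
    """A records for IPv4 (including IPv4-mapped) clients, AAAA otherwise."""
    return "A" if client.ipv4_mapped is not None else "AAAA"

def network_to_v6(net_text):
    """Lift an IPv4 network n.n.n.n/p to ::ffff:n.n.n.n/(96+p); keep IPv6 as is."""
    net = ipaddress.ip_network(net_text, strict=False)
    if net.version == 4:
        base = ipaddress.IPv6Address("::ffff:" + str(net.network_address))
        return ipaddress.IPv6Network((base, 96 + net.prefixlen))
    return net

def address_matches(record_text, client_text):
    """Compare one fetched A/AAAA address with the client, both normalized."""
    return normalize(record_text) == normalize(client_text)

def mechanism_matches(mech, client_text):
    """Evaluate a single ip4:/ip6: mechanism against the client address."""
    kind, _, value = mech.partition(":")
    client = normalize(client_text)
    is_v4_client = client.ipv4_mapped is not None
    if kind == "ip4":
        return is_v4_client and client in network_to_v6(value)
    if kind == "ip6":
        # Assumption: a mapped address counts as IPv4, so ip6 never matches it.
        return not is_v4_client and client in network_to_v6(value)
    raise ValueError("only ip4 and ip6 mechanisms are handled here: " + mech)

if __name__ == "__main__":
    # Constructed sample connections: plain IPv4, mapped IPv4, native IPv6.
    for peer in ("1.2.3.4", "::ffff:1.2.3.4", "2001:db8::1"):
        c = normalize(peer)
        print(peer, rr_type(c), mechanism_matches("ip4:1.2.3.0/24", peer))
```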