spf-discuss
[Top] [All Lists]

Re: IPv4/IPv6 address handling in the SPF specification

2005-06-28 04:43:43
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frank Ellermann wrote:
Does your idea also cover stuff like %{ir}, or does that case need an
additional statement ?  Is the whole issue something like an
implementation detail ?

I said that the current wording is formally correct:

|    Even if the SMTP connection is via IPv6, an IPv4-mapped IPv6 IP
|    address (see [RFC3513] section 2.5.5) MUST still be considered an IPv4
|    address. 

But it deceives the implementor by subliminally suggesting that the 
implementation should convert ::ffff:n.n.n.n addresses to n.n.n.n 
addresses internally, or at least that it was useful to treat IPv4 and 
IPv6 addresses separately.  It isn't, internally operating on IPv6 
addresses only is actually the more clever thing to do.

Also, the current wording is unclear in what is meant by "::ffff:n.n.n.n 
MUST be considered n.n.n.n".

My first suggestion was explicit on the _input_ side (like matching), but 
not on the _output_ side (like for macro expansion).  What about this?

|    If the SPF client supports IPv6, it is recommended that it internally
|    operates on IPv6 addresses only, and that it converts any IPv4
|    addresses to IPv4-mapped IPv6 addresses (::ffff:n.n.n.n, see [RFC3513]
|    section 2.5.5) internally.  However, the client MUST still match any
|    such ::ffff:n.n.n.n addresses against n.n.n.n addresses in SPF records
|    and format them as n.n.n.n addresses when generating output text.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCwTfwwL7PKlBZWjsRAg6ZAKDarmRZup9rIPg3A6/ZY+8hLMhtrACguEfQ
FGJ4eZ3RejH9f9xQZMuyIHQ=
=GqnW
-----END PGP SIGNATURE-----