spf-discuss

RE: Updating SPF type99 and TXT RR's: Simultaneity is not guaranteed.

2005-08-11 07:39:36
-----Original Message-----
From: Florian Weimer [mailto:fw(_at_)deneb(_dot_)enyo(_dot_)de]
Sent: Thursday, August 11, 2005 10:28 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Updating SPF type99 and TXT RR's:
Simultaneity is not guaranteed.


* Scott Kitterman:

One other consideration is that while the spec says that TXT and SPF
must be identical, receivers are explicitly NOT required to check
for this (and in fact, as I think you are arguing it would be a bad
idea).

One of us is misreading the spec, it seems.  (It could well be me.)

Here's the relevant paragraph, I think:

| 4.5.  Selecting Records
|
|    Records begin with a version section:
|
|    record           = version terms *SP
|    version          = "v=spf1"
|
|    Starting with the set of records that were returned by the lookup,
|    record selection proceeds in three steps:
|
|    1.  Records that do not begin with a version section of exactly
|        "v=spf1" are discarded.  Note that the version section is
|        terminated either by a SP character or the end of the record.  A
|        record with a version section of "v=spf10" does not match and
|        must be discarded.
|
|    2.  If there are both SPF and TXT records in the set and if they are
|        not all identical, return a "PermError".
|
|    3.  If any records of type SPF are in the set, then all records of
|        type TXT are discarded.

I *think* that this requires SPF clients to signal PermError in case
of a mismatch.

That certainly sounds like it, but if you look at the paragraph before
(4.4):

http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-02.html#anchor19


4.4. Record Lookup

In accordance with how the records are published, see Section 3.1 (Publishing)
above, a DNS query needs to be made for the <domain> name, querying for either
RR type TXT, SPF, or both. If both SPF and TXT RRs are looked up, the queries
MAY be done in parallel.

If the DNS lookup returns a server failure (RCODE 2), or other error (RCODE
other than 0 or 3), or the query times out, check_host() exits immediately
with the result "TempError".

The key point from your paragraph is, "Starting with the set of records that
were returned by the lookup".  During the lookup you don't have to look at
both.  If you do, you have to PermError.

Not the clearest thing in the world I will certainly admit...

Scott K

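The record-selection steps quoted above (section 4.5), applied to whatever RR types the section 4.4 lookup actually queried, as an added example written for this page rather than code from the thread or from any SPF library; the `queried` parameter and the function names are this example's own assumptions, and the "None"/"PermError" results for zero or several surviving records come from the later text of the same section, not from the excerpt quoted here.

```python
VERSION = "v=spf1"


def has_spf1_version(record: str) -> bool:
    """Step 1: the version section must be exactly "v=spf1", terminated by
    a SP or the end of the record, so "v=spf10" does not match."""
    version, _, _ = record.partition(" ")
    return version == VERSION


def select_record(txt_records, spf_records, queried=("TXT", "SPF")):
    """Return ("ok", record), ("PermError", None) or ("None", None).

    txt_records / spf_records: strings the lookup returned for the TXT and
    SPF (type 99) RR types.  queried (assumed parameter): which types the
    section 4.4 lookup actually asked for; a type that was not queried is
    simply absent from the set, which is the reading in Scott's reply.
    """
    candidates = {}
    if "TXT" in queried:
        candidates["TXT"] = [r for r in txt_records if has_spf1_version(r)]
    if "SPF" in queried:
        candidates["SPF"] = [r for r in spf_records if has_spf1_version(r)]

    # Step 2: both types in the set and not all identical -> PermError.
    # This is the mid-update window the thread subject is about.
    if candidates.get("TXT") and candidates.get("SPF"):
        if len(set(candidates["TXT"]) | set(candidates["SPF"])) != 1:
            return ("PermError", None)

    # Step 3: if any SPF records remain, all TXT records are discarded.
    chosen = candidates.get("SPF") or candidates.get("TXT") or []

    # Remaining rules of section 4.5: no record -> "None", several -> PermError.
    if not chosen:
        return ("None", None)
    if len(chosen) > 1:
        return ("PermError", None)
    return ("ok", chosen[0])
```

With `queried=("TXT",)` the mismatch case above returns the TXT record instead of PermError, which is exactly the difference between the two readings of the spec in this thread.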
