possible changes to the SPF I-D during AUTH48

2005-08-11 10:06:29
In <42FB820A(_dot_)1121(_at_)xyzzy(_dot_)claranet(_dot_)de> Frank Ellermann 
<nobody(_at_)xyzzy(_dot_)claranet(_dot_)de> writes:

> So that could be another point for Wayne's AUTH48:  fix ABNF
> for CIDR (1), fix ptr limit (2), remove mismatch PermError (3),
> anything else?

I have the following things that are on my TODO list to consider for
changes during the AUTH48 review:

  * djbdns only returns 8 RRs instead of the complete RRset
    (e.g. add a warning that some resolvers are known to give
     incomplete information and using them in conjunction with SPF
     checks can lead to errors.)

  * it is easier to convert IPv4 to IPv6 and work with just that
    (this is just an implementor's note.)

  * bugs in the ABNF

    * "redirect=aaa" is accepted by 'name "=" macro-string' instead of
       being rejected.

    * "a:ab%-" is accepted because <domain-end> uses <macro-expand>

    * CIDR values are not checked for the ranges

    (all of these were fixed in the ABNF that I posted a while back.)

  * ptr: shouldn't be counted in the process limits?  (%{p} isn't)

  * the TXT and SPF RRs can get out of sync due to TTLs being different.
    Therefore, we should allow implementations to freely choose which
    record they want to use.

I don't consider any of these changes to be set in stone.  I think
that, once we get near the AUTH48, we need to verify that these
changes are appropriate.

For what it is worth, I have had no indication that the RFC editor has
done anything with the SPF I-D.  At this rate, it could be many months
before the SPF I-D becomes an RFC.
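
The following is an added example, not part of the original message or of the SPF draft. It illustrates two items from the list above: rejecting out-of-range CIDR lengths at parse time, and matching in IPv6 only by converting IPv4 addresses to IPv4-mapped form. The function names are hypothetical, the suffix syntax (`/n`, `//m`, `/n//m`) is assumed from the SPF dual-cidr-length grammar, and the three-digit cap is a choice made here.

```python
import ipaddress
import re

# Optional "/<ip4-len>" followed by optional "//<ip6-len>".
# Capping at 3 digits is this example's choice, not the draft's ABNF.
_CIDR_RE = re.compile(r"(?:/([0-9]{1,3}))?(?://([0-9]{1,3}))?")


class CidrError(ValueError):
    """Malformed or out-of-range CIDR length (a syntax error in the record)."""


def parse_dual_cidr(suffix):
    """Parse '', '/24', '//64' or '/24//64' into (ip4_len, ip6_len)."""
    m = _CIDR_RE.fullmatch(suffix)
    if m is None:
        raise CidrError("bad cidr-length syntax: %r" % suffix)
    v4_len = int(m.group(1)) if m.group(1) is not None else 32
    v6_len = int(m.group(2)) if m.group(2) is not None else 128
    # The range check that a bare 1*DIGIT grammar does not express.
    if v4_len > 32:
        raise CidrError("ip4 cidr-length out of range: %d" % v4_len)
    if v6_len > 128:
        raise CidrError("ip6 cidr-length out of range: %d" % v6_len)
    return v4_len, v6_len


def to_v6(addr):
    """Return addr as an IPv6Address; IPv4 becomes ::ffff:a.b.c.d."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ipaddress.IPv6Address("::ffff:" + str(ip))
    return ip


def cidr_match(client, target, suffix=""):
    """Compare client and target under the CIDR suffix, in IPv6 only."""
    v4_len, v6_len = parse_dual_cidr(suffix)
    c, t = to_v6(client), to_v6(target)
    c_is_v4 = c.ipv4_mapped is not None
    t_is_v4 = t.ipv4_mapped is not None
    if c_is_v4 != t_is_v4:
        return False  # different address families never match
    # An IPv4 prefix of n bits is a 96+n bit prefix in mapped form.
    prefix = 96 + v4_len if c_is_v4 else v6_len
    shift = 128 - prefix
    return (int(c) >> shift) == (int(t) >> shift)
```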