In <42FB820A(_dot_)1121(_at_)xyzzy(_dot_)claranet(_dot_)de> Frank Ellermann
<nobody(_at_)xyzzy(_dot_)claranet(_dot_)de> writes:
> So that could be another point for Wayne's AUTH48: fix ABNF
> for CIDR (1), fix ptr limit (2), remove mismatch PermError (3),
> anything else ?

I have the following things that are on my TODO list to consider for
changes during the AUTH48 review:

* djbdns only returns 8 RRs instead of the complete RRset
  (e.g. add a warning that some resolvers are known to give
  incomplete information and using them in conjunction with SPF
  checks can lead to errors.)
* it is easier to convert IPv4 to IPv6 and work with just that
  (this is just an implementor's note.)
* bugs in the ABNF
  * "redirect=aaa" is accepted by 'name "=" macro-string' instead of
    being rejected.
  * "a:ab%-" is accepted because <domain-end> uses <macro-expand>
  * CIDR values are not checked for the ranges
  (all of these were fixed in the ABNF that I posted a while back.)
* ptr: shouldn't be counted in the process limits? (%{p} isn't)
* the TXT and SPF RRs can get out of sync due to TTLs being different.
  Therefore, we should allow implementations to freely choose which
  record they want to use.

I don't consider any of these changes to be set in stone. I think
that, once we get near the AUTH48, we need to verify that these
changes are appropriate.

For what it is worth, I have had no indication that the RFC editor has
done anything with the SPF I-D. At this rate, it could be many months
before the SPF I-D becomes an RFC.

-wayne
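
Added example, not part of the message above or of the SPF draft: a Python sketch of two items on the list, range-checking the CIDR lengths and doing all address comparison in IPv6 space by mapping IPv4 to ::ffff:a.b.c.d. The function names and the "/n//m" suffix handling are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed for illustration; not the ABNF or code from the SPF draft.
# Accepts "", "/n", "//m" or "/n//m" (IPv4 length, then IPv6 length).
_CIDR_RE = re.compile(r"(?:/(\d{1,3}))?(?://(\d{1,3}))?")

def parse_dual_cidr(suffix):
    """Return (ip4_len, ip6_len), rejecting lengths outside 0-32 / 0-128."""
    m = _CIDR_RE.fullmatch(suffix)
    if m is None:
        raise ValueError("malformed CIDR suffix: %r" % suffix)
    ip4 = int(m.group(1)) if m.group(1) is not None else 32
    ip6 = int(m.group(2)) if m.group(2) is not None else 128
    if ip4 > 32 or ip6 > 128:
        raise ValueError("CIDR length out of range: %r" % suffix)
    return ip4, ip6

def to_v6_int(addr):
    """Return addr as a 128-bit integer; IPv4 becomes IPv4-mapped IPv6."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return (0xFFFF << 32) | int(ip)
    return int(ip)

def is_mapped_v4(value):
    """True if the 128-bit value lies in ::ffff:0:0/96."""
    return (value >> 32) == 0xFFFF

def cidr_match(client, target, suffix=""):
    """Compare client and target under the suffix using only 128-bit math."""
    ip4_len, ip6_len = parse_dual_cidr(suffix)
    c, t = to_v6_int(client), to_v6_int(target)
    if is_mapped_v4(c) != is_mapped_v4(t):
        return False  # an IPv4 client never matches an IPv6 target
    # An IPv4 prefix of n bits is a prefix of 96 + n bits in mapped form.
    prefix = 96 + ip4_len if is_mapped_v4(c) else ip6_len
    mask = ((1 << prefix) - 1) << (128 - prefix)
    return (c & mask) == (t & mask)
```
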