spf-discuss

[spf-discuss] Re: PermError: Too many DNS lookups at Microsoft.com

2006-05-07 11:31:56

Hector Santos wrote:
| Scott Kitterman wrote:
| > I think you are still using the old (pre-MARID/2004) recursion
| > limits.  The current approach is a little different:
|
| I see.  But this is one of those things that was changed without much
| insight to the repercussions. :-)
|
| You see it as PERMERROR.  Classic SPF implementations see it as a
| SOFTFAIL.

Hector Santos wrote:
| Ah come on Julian.
|
| The RESULT was a SOFTFAIL because that was the FINAL directive for this
| particular record.

I thought you meant that some earlier SPF draft had defined "SoftFail" as
the result for a processing limits violation.  It wasn't at all clear that
you meant something else when you said the above without any further
context.  Sorry for the confusion.

| Please don't try to push the issue on me.

Anyone else (who cares to participate in this thread) just seems to
disagree with you on _what_ the issue is.

| I am not the one that screwed this up creating PERMERRORS for classic SPF
| setups.

Security overrides backwards compatibility.  At least outside the MS world.

| You are the guys that came up with artificial SWAG limit.

You still haven't answered my questions what specific value you would have
preferred, and what empirical methodology you would have used to determine
it.

| Just don't expect working Classic SPF systems to change for this
| specific nonsense Artificial Limit.

Ironically, this is not far from the truth.  Many systems with old
implementations won't change.  But at least we have covered our asses with
regard to the DoS vulnerability since draft-schlitt-spf-classic-00, which
is where the limit first appeared in its current form in December 2004.
If someone suffers from a DoS attack due to an old implementation, we can
point them to the implementor.

| It's nonsense.  The next time a critical change is made, you should run it
| by the list of vendors that are on your web site. Not just rely on the
| mailing list.

Look, SPFv1 has _just_ become final a week ago.  We actually might do what
you suggest, but you can't expect us to have asked implementors to adapt
to whatever draft was current at the time we changed something in it.

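The disagreement in the message above, as an added example that is not part of the original post or of any SPF implementation: the same record evaluated with and without a cap on DNS-querying terms. The cap of 10 comes from RFC 4408 section 10.1, not from this page; the `example.test` zone, the function names and the ip4/include/all subset are assumptions made for the illustration.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed TXT records keyed by domain (sample data, not real published SPF).
ZONE = {f"s{i}.example.test": f"v=spf1 ip4:192.0.2.{i} -all" for i in range(1, 12)}
ZONE["example.test"] = (
    "v=spf1 " + " ".join(f"include:s{i}.example.test" for i in range(1, 12)) + " ~all"
)


class PermError(Exception):
    """Record cannot be evaluated (limit exceeded, missing or unsupported term)."""


def check_host(ip, domain, limit, counter):
    """Evaluate the ip4/include/all subset of SPF for ip against domain.

    limit: maximum DNS-querying terms per check, or None for no limit.
    counter: one-element list shared across recursion so includes add up.
    """
    record = ZONE.get(domain)
    if record is None:
        raise PermError(f"no SPF record for {domain}")
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name == "ip4":
            if ipaddress.ip_address(ip) in ipaddress.ip_network(arg):
                return QUALIFIERS[qualifier]
        elif name == "include":
            counter[0] += 1  # each include costs one DNS lookup
            if limit is not None and counter[0] > limit:
                raise PermError("too many DNS lookups")
            if check_host(ip, arg, limit, counter) == "pass":
                return QUALIFIERS[qualifier]
        else:
            raise PermError(f"unsupported term {term!r}")
    return "neutral"


def evaluate(ip, domain, limit):
    """Return the SPF result string, mapping PermError to 'permerror'."""
    try:
        return check_host(ip, domain, limit, [0])
    except PermError:
        return "permerror"
```

With the constructed zone, a sender listed only in the eleventh include is a `pass` for an evaluator without the cap and a `permerror` for one that enforces it, which is the compatibility cost argued over in the thread.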