Stuart D. Gathman wrote:
> On Thu, 25 May 2006, Julian Mehnle wrote:
> > I don't think that there's such a thing as an "A overflow" -- just
> > take whatever number of A records you get in the response packet. In
> > what situation could there be an "overflow"?
>
> Suppose there were 100 million A records for the hostname. Possible
> over TCP or EDNS0. An implementation has to draw the line somewhere -
> and the line is implementation defined. The SPF record can't be
> evaluated if you stop before comparing the source IP with all 100
> million records. So the only possible results are TempError and
> PermError.

Oh, you mean that when a UDP response is marked as being truncated, the
requestor would then make a TCP request and receive a huge number of
records in the response stream? Certainly possible, but is there _ANY_
protocol out there besides SPF that explicitly provides for that odd kind
of "attack"? I mean, do we _really_ need to _standardize_ behavior for
that situation? I think implementations will be intelligent enough not to
keep reading the stream forever. And after all, RFC 4408 does point out
the general issue.

> You correctly point out that TempError should be for conditions that
> are likely to resolve themselves. But on the other hand, we don't
> want PermError to be implementation defined. Maybe we should have
> had an ImplLimitError result.

Good idea for the future. For now, however, I did not say that "PermError"
should be returned. What I said is that it should be treated as "no
match" for the mechanism in question.

A future version of SPF should probably use structured result codes.
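
The two readings discussed in this message, as an added example (not part of the original post and not taken from any SPF implementation): an `a` mechanism check that stops after an implementation-defined number of A records and reports either "no match" or an error. The function names, the cap of 64 and the outcome strings are assumptions, and the record stream is constructed sample data.

```python
import ipaddress
from itertools import islice

MAX_A_RECORDS = 64   # assumed implementation-defined cap, not a value from RFC 4408
_END = object()      # sentinel: the answer had no further records

def huge_answer(count):
    """Constructed sample: lazily yield `count` A records, 10.0.0.0 upward."""
    base = int(ipaddress.ip_address("10.0.0.0"))
    return (str(ipaddress.ip_address(base + i)) for i in range(count))

def eval_a_mechanism(client_ip, records, limit=MAX_A_RECORDS, on_overflow="no-match"):
    """Compare client_ip with at most `limit` A records from any iterable.

    Returns (outcome, compared). `on_overflow` is the outcome reported when
    the answer continues past the cap and nothing matched so far:
    "no-match" (the reading argued in the reply) or "temperror"/"permerror"
    (the reading in the quoted text).
    """
    client = ipaddress.ip_address(client_ip)
    stream = iter(records)
    compared = 0
    for record in islice(stream, limit):
        compared += 1
        if ipaddress.ip_address(record) == client:
            return "match", compared
    # Peek one record past the cap to tell "answer exhausted" from "gave up".
    if next(stream, _END) is _END:
        return "no-match", compared
    return on_overflow, compared

if __name__ == "__main__":
    answer = lambda: huge_answer(100_000_000)
    print(eval_a_mechanism("10.0.0.5", answer()))               # inside the cap
    print(eval_a_mechanism("10.0.0.200", answer()))             # in the answer, but past the cap
    print(eval_a_mechanism("10.0.0.200", answer(), on_overflow="temperror"))
    print(eval_a_mechanism("198.51.100.7", ["192.0.2.1", "192.0.2.2"]))
```

The second call shows the cost of the "no match" reading: an address that is in the answer but past the cap falls through to the next mechanism, while the error reading surfaces the limit to the caller.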