
[spf-discuss] Re: SPF processing limits

2006-05-25 07:23:05
Julian Mehnle wrote:
You correctly point out that TempError should be for conditions that
are likely to resolve themselves.  But on the other hand, we don't
want PermError to be implementation defined.  Maybe we should have
had an ImplLimitError result.

Good idea for the future.  For now, however, I did not say that
"PermError" should be returned.  What I said is that it should be
treated as "no match" for the mechanism in question.

Plus, I said:

> I don't think that there's such a thing as an "A overflow" -- just take
> whatever number of A records you get in the response packet.

So assuming the implementation decides to drop the TCP stream after 
receiving n A records (or after m bytes), it would simply search the 
records it got for the sender's IP address and assume "match" if it is 
included, or "no match" if it is not included (even if the sender's IP 
address would have been the (n+1)-th record).

However, what we _should_ have said in the spec when it says...

| SPF implementations SHOULD limit the total amount of data obtained from
| the DNS queries. For example, when DNS over TCP or EDNS0 are available,
| there may need to be an explicit limit to how much data will be accepted
| to prevent excessive bandwidth usage or memory usage and DoS attacks.   

...is that a minimum amount of data (like 20 A records or so per response) 
MUST be accepted.  Oh well...

Should we finally start collecting all the gotchas in one place for another 
version of SPF (be it 2.1 or 3.0)?  If yes, I'd set up a page for it.

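The truncation behaviour discussed in this message, as an added example that is not part of the original e-mail or of any SPF library: an "a" mechanism is evaluated against only the first n A records, and a sender listed as record n+1 is a plain "no match". The function names, the `MIN_A_RECORDS` constant (the e-mail's "20 A records or so") and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Hypothetical floor taken from the e-mail's "20 A records or so"; not a value from the SPF spec.
MIN_A_RECORDS = 20

def match_a_mechanism(sender_ip, a_records, limit):
    """Evaluate an SPF "a" mechanism against at most `limit` A records.

    Records past the limit are dropped, as if the receiver had closed the
    TCP stream after `limit` records. Returns (matched, truncated); a miss
    is plain "no match", never PermError or TempError.
    """
    if limit < 1:
        raise ValueError("limit must be at least 1")
    sender = ipaddress.ip_address(sender_ip)
    accepted = a_records[:limit]
    matched = any(ipaddress.ip_address(r) == sender for r in accepted)
    return matched, len(a_records) > limit

def evaluate_across_limits(sender_ip, a_records, limits):
    """Verdict for the same sender at receivers that use different caps."""
    return {n: match_a_mechanism(sender_ip, a_records, n)[0] for n in limits}

def senders_lost(a_records, limit=MIN_A_RECORDS):
    """Authorized addresses a receiver with this cap never sees."""
    return a_records[limit:]

# Constructed sample: 25 A records for one host name (documentation range).
SAMPLE_A_RECORDS = [f"192.0.2.{i}" for i in range(1, 26)]

if __name__ == "__main__":
    # 192.0.2.21 is authorized, but only receivers accepting more than 20 records match it.
    print(evaluate_across_limits("192.0.2.21", SAMPLE_A_RECORDS, [10, 20, 30]))
    print(senders_lost(SAMPLE_A_RECORDS))
```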
