In <200605191450(_dot_)20460(_dot_)julian(_at_)mehnle(_dot_)net> Julian Mehnle
<julian(_at_)mehnle(_dot_)net> writes:
wayne wrote:
I'm a little surprised that Alfred's comments have received zero
feedback from the spf-discuss list.
I guess if I don't hear anything from anyone, I'll just try my best to
figure out which of these are erratas that are worth reporting to the
RFC editor and what the corrections should be.
I noticed and read your message and Alfred's comments.
I would like to thank everyone for their comments. I've been waiting
for Alfred to reply, but he is having problems with his ISP.
Apparently, he tried to switch from ISDN to ADSL, and they have been
very prompt at removing his ISDN connection, and slow in providing his
ADSL connection. *sigh*
I learned a new term from an old post from Julian to anther list:
Warnocked. See http://en.wikipedia.org/wiki/Warnock's_Dilemma. I was
about ready to reply here with Warnock's first two reasons for people
not replying, but his list is better. ;-)
I thought the RFC Editor doesn't make any corrections to RFCs once
published, EVER? (Yes, I know that errata are separate, but you said
"corrections", so I'm not sure which one you meant.)
The RFC editor publishes an errata list at
http://www.rfc-editor.org/errata.html. As stated on that page, "In
general, we [the RFC-editor] cannot guarantee the correctness of these
errata; the reader must make his/her own judgment."
The only apparently item that was even close to controversial was the
"mechanism" keyword in the Received-SPF header:
In <200605191053(_dot_)00777(_dot_)scott(_at_)kitterman(_dot_)com> Scott
Kitterman <spf2(_at_)kitterman(_dot_)com> writes:
On 05/19/2006 10:06, Alex van den Bogaerdt wrote:
On Wed, May 17, 2006 at 03:16:07PM -0500, wayne wrote:
(3) [suspected] ABNF issue (#1)
[snip]
no comment, not enough insight.
I'm not certain, but I believe that what's in there is correct.
I think he goes astray here:
Alfred HÎnes <ah(_at_)tr-sys(_dot_)de> writes:
This means that something like
mechanism="ip4:192.0.2.1"
might appear as a <key-value-pair> in a Received-SPF header field,
with the <mechanism> included after the "=" as a <quoted-string>
-- pretty in line with the explanations on page 26.
In the ABNF one finds:
mechanism = ( all / include
/ A / MX / PTR / IP4 / IP6 / exists )
so his premise that "ip4:192.0.2.1" is a mechanism is, I believe, false.
That
said, looking at the ABNF, I'm not sure where I would get to 192.0.2.1 to go
into the value part of the key-value-pair. Either the ABNF is missing
something or I'm completely misreading it (my money's on me misreading it
since this is the first time I've really looked hard at the "Received-SPF:"
part of the ABNF.
I've investigated this a whole bunch more and I think Alfred's
suggestion is the correct one: there should be quotes around
"mechanism". There was once talk of a "mechanism=" keyword on the
Received-SPF header but, after more searching, I still don't think it
has ever been used. So, I'm not sure it makes much difference what we
do.
In draft-mengwong-spf-{00,01}, the Received-SPF ABNF was
header = 'Received-SPF:' 1*SP result [ 1*SP '(' comment ')' ]
*( 1*SP key-value-pair )
result = 'pass' / 'fail' / 'error' / 'softfail' / 'neutral' /
'none' / 'unknown' / unknown-mechanisms
unknown-mechanisms = 'unknown' *( 1*SP [prefix] mechanism )
This is the "unknown mechanism" stuff I mentioned in my first post.
And there was even an example of:
Received-SPF: unknown -extension:foo (mybox.example.org: domain
of myname(_at_)example(_dot_)com
uses
mechanism not recognized by
this client)
This shows how Meng intended that unknown mechanisms should be put,
verbatim, into the Received-SPF header so that later processes could
act on the extension. As I mentioned in my first post, I think this
confused me when I was cleaning up the ABNF for the Recieved-SPF header.
So, unless I hear some objections, I'm going to recommend the
correction to be just putting "mechanism" into quotes.
I think I'm going to drop all the minor editorial suggestions. I
don't think they are that important and I think that they risk hiding
the more significant bugs in the details.
Are there any other comments about the RFC? Or, should I package up
the list of know errors and send them off to the RFC-editor?
-wayne
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com