
[spf-discuss] Processing limits (was: DNSOP Agenda for San Diego (IETF 67))

2006-11-01 04:33:51
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frank Ellermann wrote:
> To damp Doug's attack without counting bytes (shudder) maybe a total
> limit of about 40 queries (10 mechanisms + 30 names) would do [...]

As much as I'd like to do that, we can't really do it with "v=spf1" 
anymore.  The best we can do without losing backwards compatibility is 
issue a security amendment RFC that defines a "security-level=n" modifier.

A record that wishes to comply with security level 1 (0 being vanilla RFC 
4408) must feature a "security-level=1" modifier and comply with tightened 
processing limits.  Receivers can then decide whether they still want to 
process SPF records of a lower security level or ignore them instead.

This might also be a useful feature for SPFv3.

Otherwise, recommending that receivers throw a PermError when hitting 
limits that are lower than what RFC 4408 explicitly specifies is highly 
problematic.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFSIXGwL7PKlBZWjsRAudSAJ9r1x4JublgnZ28GfzqvVnzyoeRuACeO0qR
TbdB72nttO+s2kDMSzVgK9U=
=xrA/
-----END PGP SIGNATURE-----
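Editor's note: the following is an added worked example, not code from the message above, from openspf.org, or from any SPF implementation. It models what the thread is arguing about: RFC 4408 section 10.1 caps the number of DNS-querying terms (a, mx, ptr, exists, include, redirect) at 10 per check and the number of MX RRs looked up per mx term at 10, but a record can still stay under the term limit while triggering far more queries through MX names. The "security-level=n" modifier is the hypothetical one proposed in the message, the 40-query level-1 budget is the figure quoted from Frank Ellermann and is assumed here rather than specified anywhere, and the zone data is constructed. ptr is charged as one term only, since its name lookups depend on the connecting IP, which an offline example has no way to model.

```python
import re

MECH_LIMIT = 10          # RFC 4408 s.10.1: DNS-querying terms per check_host()
MX_NAME_CAP = 10         # RFC 4408 s.10.1: at most 10 MX RRs looked up per 'mx' term
LEVEL1_TOTAL_LIMIT = 40  # ASSUMED budget for security-level=1 (10 terms + 30 names)
DNS_MECHS = {"a", "mx", "ptr", "exists", "include"}  # 'all', 'ip4', 'ip6' cost nothing


class PermError(Exception):
    """Raised where RFC 4408 says the check MUST return PermError."""


def lookup_spf(domain, dns):
    """Return the single v=spf1 TXT record of domain from the (constructed) DNS table."""
    recs = [t for t in dns.get(domain, {}).get("TXT", [])
            if t == "v=spf1" or t.startswith("v=spf1 ")]
    if len(recs) != 1:
        raise PermError(f"{domain}: expected one v=spf1 record, found {len(recs)}")
    return recs[0]


def bump(ctr):
    """Charge one DNS-querying term against the RFC 4408 limit."""
    ctr["mech"] += 1
    if ctr["mech"] > MECH_LIMIT:
        raise PermError(f"more than {MECH_LIMIT} DNS-querying terms")


def walk(domain, dns, ctr, path=()):
    """Count DNS-querying terms and MX names reachable from domain's record.
    ptr is charged as a term only; its per-name lookups are not modelled."""
    if domain in path:
        raise PermError(f"include/redirect loop at {domain}")
    path += (domain,)
    redirect = None
    for term in lookup_spf(domain, dns).split()[1:]:
        term = term.lstrip("+-~?")                       # qualifier is irrelevant here
        mod = re.fullmatch(r"([a-z][a-z0-9_.-]*)=(.*)", term, re.I)
        if mod:                                          # modifier: name=value
            name, value = mod.group(1).lower(), mod.group(2)
            if name == "redirect":
                redirect = value                         # applies after all mechanisms
            elif name == "security-level":               # hypothetical modifier
                if not value.isdigit():
                    raise PermError(f"bad security-level value {value!r}")
                ctr["level"] = max(ctr["level"], int(value))
            continue                                     # unknown modifiers are ignored
        name, _, arg = term.partition(":")
        name = name.split("/")[0].lower()                # drop CIDR suffix on a/mx
        if name not in DNS_MECHS:
            continue
        bump(ctr)
        target = arg.split("/")[0] or domain
        if name == "mx":
            mx_names = dns.get(target, {}).get("MX", [])
            ctr["names"] += min(len(mx_names), MX_NAME_CAP)  # one A lookup per MX name
        elif name == "include":
            walk(target, dns, ctr, path)
    if redirect is not None:
        bump(ctr)
        walk(redirect, dns, ctr, path)
    return ctr


def audit(domain, dns):
    """Return (declared level, DNS-querying terms, MX names) or raise PermError."""
    ctr = walk(domain, dns, {"level": 0, "mech": 0, "names": 0})
    return ctr["level"], ctr["mech"], ctr["names"]


def verdict(domain, dns, required_level=0):
    """Receiver policy as proposed in the message: enforce the limits of the
    level the record declares, and ignore records below the level required."""
    try:
        level, mech, names = audit(domain, dns)
    except PermError as e:
        return f"PermError: {e}"
    if level < required_level:
        return f"ignored: security-level={level} below required {required_level}"
    if level >= 1 and mech + names > LEVEL1_TOTAL_LIMIT:
        return f"PermError: {mech + names} queries exceed level-1 budget {LEVEL1_TOTAL_LIMIT}"
    return f"ok: level={level} terms={mech} mx-names={names}"


# Constructed zone data for the example; none of these names are real.
DNS = {
    "plain.example": {"TXT": ["v=spf1 mx include:_spf.plain.example -all"],
                      "MX": ["mail1.plain.example", "mail2.plain.example"]},
    "_spf.plain.example": {"TXT": ["v=spf1 a a:relay.plain.example ~all"]},
    "strict.example": {"TXT": ["v=spf1 mx -all security-level=1"],
                       "MX": ["mx.strict.example"]},
    "loop.example": {"TXT": ["v=spf1 include:loop.example -all"]},
    # 8 mx terms, each naming a host with 10 MX records: legal under RFC 4408
    # (8 <= 10 terms) yet 88 queries in total, which is the attack being discussed.
    "bloated.example": {"TXT": ["v=spf1 " + " ".join(f"mx:h{i}.bloated.example" for i in range(8))
                                + " -all security-level=1"]},
    # 11 include terms: one over the RFC 4408 term limit.
    "many.example": {"TXT": ["v=spf1 " + " ".join(f"include:i{i}.many.example" for i in range(11))
                             + " -all"]},
}
for i in range(8):
    DNS[f"h{i}.bloated.example"] = {"MX": [f"m{j}.h{i}.bloated.example" for j in range(10)]}
for i in range(11):
    DNS[f"i{i}.many.example"] = {"TXT": ["v=spf1 -all"]}

if __name__ == "__main__":
    for d in ["plain.example", "strict.example", "bloated.example", "many.example", "loop.example"]:
        print(f"{d:18} level-0 receiver: {verdict(d, DNS)}")
    print(f"{'plain.example':18} level-1 receiver: {verdict('plain.example', DNS, required_level=1)}")
```

The point of the bloated.example entry is the one made in the thread: a vanilla RFC 4408 receiver accepts it (eight terms), while a receiver honouring the declared security-level=1 rejects it on the total query count, and a receiver that requires level 1 simply ignores plain.example instead of throwing a PermError it cannot justify from RFC 4408.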

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
