
[spf-discuss] Re: op= question

2007-01-14 03:33:20
Stuart D. Gathman wrote:

> As I understand it the syntax is:
>         "op" "="  name *( "," name )

Actually a dot and no comma.  Trying to reconstruct this, no
other modifier has a comma, they are all <domain-spec>, and
that's dot-separated labels.

> Q1: should the options from an include domain be included?
> Q2: should the set of options be cleared for redirect?
>
> IMO, both answers should be NO.

IMO the answers should be mentioned in the draft.  The models
are "exp=" and "redirect=":

| During recursion into an "include" mechanism, an exp= modifier
| from the <target-name> MUST NOT be used.

IMO that means "on return from an 'include' mechanism any exp=
in the evaluated <target-name> policy is not used as explanation
for an eventual FAIL result".  Or something in this direction.

Therefore 'included options' have no effect for an 'including
policy', they affect only the actually evaluated policy.  That
is a NO for Q1 as you said.

| In contrast, when executing a "redirect" modifier, an exp=
| modifier from the original domain MUST NOT be used.

In that direction exp= is also "local", it only modifies FAIL
explanations in the record where it stands, not in redirect=
records.  If you want the same exp= you've to add it again.

Following that model you've to add the same op= again after a
redirect=.  That's consistent, but not very convincing... :-(
It would be a YES for Q2, not your proposed NO.

Should new modifiers define their own behaviour wrt redirect=,
follow exp= or not?  Your proposal would run into subtle
problems for cases like this:

a.example SPF "v=spf1 op=helo redirect=b.example"
b.example SPF "v=spf1 op=nohelo"

The draft says "helo" and "nohelo" MUST NOT be used together,
they are mutually exclusive.  Let's stick to the exp= model,
modifiers are local (per record) and don't cross redirect=.

Clearly ugly if redirect= is used as continuation record for
overlong policies, and that's also the last moment where you
want to repeat exp= and op=, but it's a rare corner case, and
different strategies for exp= and op= are confusing.

BUT the op= draft needs to say so explicitly.  And maybe the
redirect= / exp= model should be explicitly extended to all
modifiers in a future v=spf1 PS, each modifier inventing its
own rules can't be a good idea.

Thanks for the review, I'll fix it a.s.a.p.

Frank
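
The scoping rule argued for in this message (modifiers are local to the record finally evaluated, as with exp=), shown as an added example that is not part of the original post or of the op= draft. The records for c.example and d.example, the `effective` function and its `carry_over` switch are assumptions made for illustration; op= names are split on dots as the message describes.

```python
import re

# Constructed records; a.example/b.example are the pair from the message.
RECORDS = {
    "a.example": "v=spf1 op=helo redirect=b.example",
    "b.example": "v=spf1 op=nohelo",
    "c.example": "v=spf1 include:d.example op=pra exp=why.c.example -all",
    "d.example": "v=spf1 ip4:192.0.2.0/24 op=helo exp=why.d.example -all",
}
EXCLUSIVE = ({"helo", "nohelo"},)  # pair the message says MUST NOT be combined
MODIFIER = re.compile(r"^([A-Za-z][A-Za-z0-9_.-]*)=(.*)$")


def parse(record):
    """Split one record into its mechanisms and a dict of its modifiers."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not a v=spf1 record")
    mechanisms, modifiers = [], {}
    for term in terms[1:]:
        m = MODIFIER.match(term)
        if m:
            modifiers[m.group(1).lower()] = m.group(2)
        else:
            mechanisms.append(term)
    return mechanisms, modifiers


def effective(domain, records=RECORDS, carry_over=False,
              inherited=frozenset(), hops=0):
    """Return (domain, options, exp) of the record whose modifiers apply.

    Models only the path where no mechanism matched, so redirect= is followed.
    include: targets are never read for modifiers, so theirs cannot leak.
    carry_over=True keeps op= names across redirect= instead of clearing them.
    """
    if hops > 10:
        raise RuntimeError("redirect loop")
    _, mods = parse(records[domain])
    options = set(filter(None, mods.get("op", "").lower().split(".")))
    if carry_over:
        options |= inherited
    for pair in EXCLUSIVE:
        if pair <= options:
            raise ValueError(f"{domain}: conflicting options {sorted(pair)}")
    if "redirect" in mods:
        return effective(mods["redirect"], records, carry_over,
                         frozenset(options), hops + 1)
    return domain, options, mods.get("exp")
```

With the default local scoping, a.example resolves to b.example's `nohelo` alone; with `carry_over=True` the same pair of records raises the helo/nohelo conflict.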

