On 2013-04-24 16:26, Scott Kitterman wrote:
> The case here is #2.  In SPF there are various mechanisms that can be used in
> an SPF record to identify sources from which mail is authorized.  Two of these
> mechanisms directly specify IP addresses.  "ip4" is used to specify IPv4
> addresses and "ip6" is used to specify IPv6 addresses (that's a design
> decision that was made in 2003, so it is what it is).
>
> The intent of the text was to communicate that if the SPF verification process
> (which could possibly be running in any internet networking environment you
> might think of) were presented with an IPv4-mapped IPv6 address, the correct
> way to check if that address is authorized is using the IPv4 part of the
> address to check against an "ip4" mechanism.
>
> I hope that clarifies the intent.

Very clear.

One problem I can think of:

What is the effect of specifying IPv4-mapped IPv6 addresses in "ip6" SPF data? Or through a AAAA DNS record that the SPF "ip6" process looks up? If an SPF process that checks an IPv4-mapped IPv6 address uses exclusively the "ip4" SPF data, then IPv4-mapped IPv6 addresses in "ip6" data would be ignored. I would consider that surprising. For example, I would expect an SPF rule producing ::ffff:0.0.0.0/96 to apply to all IPv4-mapped IPv6 addresses, but it would simply get ignored.

Generally you want to treat IPv4-mapped IPv6 addresses like regular, opaque IPv6 addresses unless you have good and specific reasons not to do so.

Simon
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
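
The two behaviours discussed in this message can be compared with a small matcher. This is an added example, not part of the original thread or of any SPF implementation; `spf_ip_match` and the two SPF records are constructed for illustration, and only the `ip4`/`ip6` mechanisms are evaluated.

```python
import ipaddress


def spf_ip_match(client, record, unmap=True):
    """Return the first ip4/ip6 term of `record` that matches `client`, or None.

    unmap=True  : an IPv4-mapped IPv6 client (::ffff:a.b.c.d) is reduced to its
                  IPv4 part and can therefore only match "ip4" mechanisms
                  (the intent described in the quoted text).
    unmap=False : the client is kept as an opaque IPv6 address and can only
                  match "ip6" mechanisms.
    """
    addr = ipaddress.ip_address(client)
    if unmap and addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    for term in record.split()[1:]:              # skip the "v=spf1" tag
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?")
        name, _, value = mech.partition(":")     # "ip6:::ffff:..." splits at first ":"
        if name not in ("ip4", "ip6"):
            continue                             # other mechanisms are out of scope here
        net = ipaddress.ip_network(value, strict=False)
        if net.version == addr.version and addr in net:
            return qualifier + mech
    return None


# Constructed sample data (documentation address range, hypothetical records).
CLIENT = "::ffff:192.0.2.10"
REC_IP4 = "v=spf1 ip4:192.0.2.0/24 -all"
REC_IP6 = "v=spf1 ip6:::ffff:0.0.0.0/96 -all"

if __name__ == "__main__":
    for rec in (REC_IP4, REC_IP6):
        for unmap in (True, False):
            print(f"{rec!r:42} unmap={unmap!s:5} -> {spf_ip_match(CLIENT, rec, unmap)}")
```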
