On Wednesday, January 25, 2012 09:47:12 AM Douglas Otis wrote: > On 1/25/12 9:13 AM, Scott Kitterman wrote: > > On Wednesday, January 25, 2012 08:54:42 AM Douglas Otis wrote: > > > What happens when the client and server do not share the same > > > version of Internet Protocol and one of their Internet providers > > > compensates by translating between the two? > > > > This use of SPF is no different than any other, so it's no better or > > worse here. I don't think your theories about how SPF will make the > > Internet melt are on topic in the MARF working group. > > Dear Scott, > > A requirement for an SPF PASS seems illogical for assessing SPF failure > feedback. Disparities involving use of different IP protocols seems > poorly considered in this case, does it not?
Logical or not, the spec doesn't actually do that, so you can relax. > The SPF macro concern is also unlikely to impact the email providers > facilitating a targeted attack. To this extent that is a problem (and we'll have to agree to disagree on this), this is no different than any other application of SPF, so it's not relevant to the discussion. > What prevents use of DKIM as the only required vetting for feedback? The issue in question is about the envelope and looping reports. I think DKIM is orthogonal to the point. Even if it's not, requiring implementation of an entirely separate technology (DKIM) to prevent loops is overkill and there's no evidence of any need for it to support interoperation. > > > This might lead to nonsensical SPF records containing > > > "exists:icann.org" or ending with "+all". > > > > No specification can ensure people don't do odd things. > > A specification should not require a protocol that expects an > inappropriate processing of macros, nor should it inhibit the > communications that it intends to support. I think we're OK on those grounds here. Scott K _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
