wayne at schlitt
Nov 28, 2006, 12:09 PM
Post #13 of 13
Re: New poll on the IP4 mapped IP6 connection controversy

In <Pine.LNX.4.62.0611281145050.422 [at] sokol> "william(at)elan.net" <william [at] elan> writes:
> On Tue, 28 Nov 2006, wayne wrote:
>> In <Pine.LNX.4.62.0611281126200.422 [at] sokol> "william(at)elan.net" <william [at] elan> writes:
>>> On Tue, 28 Nov 2006, wayne wrote:
>>>> What should happen when you get an SPF check using example.com and
>>>> example.com TXT "v=spf1 ip6:::FFFF:184.108.40.206 -all"
>>> 3 if you want to be that precise and actually mention it, otherwise 4
>> What do you think about the other case, which uses AAAA records?
>> Are these the same, and if not, why not?
I'm still curious about the answers to these two questions...
In a different post, William wrote:
>>> 3) The SPF result is well defined and it depends on whether the
>>> connecting SMTP session is on an IPv6 socket or an IPv4 socket. If
>>> it is on an IPv4 socket, the result is Fail, if it is on an IPv6
>>> socket, the result is Pass.
>>> 4) The SPF result is undefined and implementations can choose to match
>>> or not match this.
>> 3 if you want to be that precise and actually mention it, otherwise 4
> BTW, I think instead of worrying about above, developers need to make
> sure that when users do receive IPv6 connection but the other end is
> ipv4 mapped address that they can use ipv4 rules when checking SPF.
> That is a lot more of an issue than supposed case when somebody puts
> ipv6 mapped address directly in SPF - for that case I think people need
> to be warned not to do it, without it being specifically disallowed.

I guess I see this as being somewhat contradictory.

If it is ok for an SPF implementation to choose to only check ip4:
mechanisms if it has an IPv4 socket and ip6: mechanisms if it has an
IPv6 socket, why should it be forced to check ip4: mechanisms if it
has an IPv6 socket?

I guess I really shouldn't have tried to give an exhaustive list;
Stuart is quite right to add the "but people shouldn't add IPv4-mapped
addresses to the SPF records" to my option 1) in his response. I'm
not trying to put words into your mouth, I'm trying to figure out what
a rough consensus should be.

While I agree that publishers *SHOULD* not publish SPF records with
IPv4-mapped addresses, I don't see any point in adding new undefined
behavior to the SPF results. Is there some reason why this should be
left up to the implementation?
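
Added example, not part of the original message or of any SPF implementation: a Python sketch that evaluates only the `ip4:`, `ip6:` and `all` terms of a record, comparing strict per-family matching (option 3 in the thread) with treating IPv4-mapped values as IPv4 (the handling William suggests for IPv6 sockets). The function names, the `unmap` switch and the 192.0.2.0/24 sample records are assumptions made for illustration.

```python
import ipaddress

MAPPED = ipaddress.ip_network("::ffff:0:0/96")   # IPv4-mapped IPv6 prefix
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def unmap_addr(ip):
    """::ffff:a.b.c.d -> a.b.c.d; any other address is returned unchanged."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def unmap_net(net):
    """Turn a network inside ::ffff:0:0/96 into the equivalent IPv4 network."""
    if net.version == 6 and net.subnet_of(MAPPED):
        v4 = ipaddress.ip_address(int(net.network_address) & 0xFFFFFFFF)
        return ipaddress.ip_network(f"{v4}/{net.prefixlen - 96}")
    return net

def spf_ip_check(record, peer, unmap=False):
    """Evaluate only the ip4:, ip6: and all terms of `record` against `peer`.

    unmap=False: strict family matching, so the result depends on the socket type.
    unmap=True:  IPv4-mapped values on either side are compared as IPv4.
    """
    client = ipaddress.ip_address(peer)
    if unmap:
        client = unmap_addr(client)
    for term in record.split()[1:]:              # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return RESULTS[qualifier]
        name, _, value = term.partition(":")
        if name not in ("ip4", "ip6"):
            continue                             # other mechanisms are out of scope here
        net = ipaddress.ip_network(value, strict=False)
        if unmap:
            net = unmap_net(net)
        if client in net:                        # False when address families differ
            return RESULTS[qualifier]
    return "neutral"                             # no term matched

# Constructed records using the 192.0.2.0/24 documentation range.
MAPPED_RECORD = "v=spf1 ip6:::FFFF:192.0.2.1 -all"
IP4_RECORD = "v=spf1 ip4:192.0.2.0/24 -all"
```

With strict matching the same sender gets a different result depending on whether the receiver reports the peer as `192.0.2.1` or `::ffff:192.0.2.1`; with unmapping both records give one result regardless of socket family.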