On Wed, 15 Nov 2006, Julian Mehnle wrote:
> In the Mail::SPF test-suite driver, I am currently skipping the
> "cidr6-0-ip4" and "cidr6-ip4" test cases. They assume that IPv4 connec-
> tions must never match the "ip6" mechanism, even if the IPv4 connection
> comes in through an IPv6 interface. I discussed this with Wayne and Scott
> on #spf extensively, and it seems we cannot agree on a common interpreta-
> tion of RFC 4408. Here's my rationale:
>
> Nowhere does RFC 4408 say that the "ip6" mechanism must not match IPv4
> addresses. 5/9 saying "Even if the SMTP connection is via IPv6, an
> IPv4-mapped IPv6 IP address [...] MUST still be considered an IPv4
> address" doesn't change that.
Why do you make ip4 mapped ip6 connections match IP6, but not A or MX?
To be consistent, you should fail tests like a-cidr6-0-ip4mapped as
well:
e2a.example.com:
- AAAA: 1234::1
- SPF: v=spf1 a//0 -all
If ip4 mapped connections are considered as *both* ip4 and ip6, then
they should match the above a//0 mech as well. But your SPF lib
apparently passes the above test.
--
Stuart D. Gathman <stuart@bmsi.com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?list_id=1007
> In the Mail::SPF test-suite driver, I am currently skipping the
> "cidr6-0-ip4" and "cidr6-ip4" test cases. They assume that IPv4 connec-
> tions must never match the "ip6" mechanism, even if the IPv4 connection
> comes in through an IPv6 interface. I discussed this with Wayne and Scott
> on #spf extensively, and it seems we cannot agree on a common interpreta-
> tion of RFC 4408. Here's my rationale:
>
> Nowhere does RFC 4408 say that the "ip6" mechanism must not match IPv4
> addresses. 5/9 saying "Even if the SMTP connection is via IPv6, an
> IPv4-mapped IPv6 IP address [...] MUST still be considered an IPv4
> address" doesn't change that.
Why do you make ip4 mapped ip6 connections match IP6, but not A or MX?
To be consistent, you should fail tests like a-cidr6-0-ip4mapped as
well:
e2a.example.com:
- AAAA: 1234::1
- SPF: v=spf1 a//0 -all
If ip4 mapped connections are considered as *both* ip4 and ip6, then
they should match the above a//0 mech as well. But your SPF lib
apparently passes the above test.
--
Stuart D. Gathman <stuart@bmsi.com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?list_id=1007