Mailing List Archive

Case-sensitive status
Hello all, first-time writer, long-time knower-of-SPF.

I'm aware that Scott has started the work of putting together a push to move SPF from an Experimental to Standards Track document within the IETF. I'll be helping out where I can.

One change I'd like to suggest has to do with the SPF results strings. RFC4408 presents these status strings in a specific case. RFC5451 presents them in all-lowercase. Neither one explicitly says anything about whether or not consumers of the results need to test them in a case-sensitive manner, although in a roundabout way they're case-insensitive because ABNF (RFC5234) says so when case-sensitivity isn't expressly stated.

Would it break any known implementations to change them to all-lowercase in the new RFC, just to be consistent with other things?

-MSK



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/1311532-17d8a1ba
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311532&id_secret=1311532-f2ea6ed9
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311532&id_secret=1311532-bdbb122a&post_id=20110809154131:941E5732-C2BF-11E0-B039-F8BA90E3FC08
Powered by Listbox: http://www.listbox.com
Re: Case-sensitive status [ In reply to ]
Hi Murray!

you wrote:

> I'm aware that Scott has started the work of putting together a push to
> move SPF from an Experimental to Standards Track document within the
> IETF. I'll be helping out where I can.

Definitely a worthwhile effort! I've seen your recent thread on
apps-discuss@ietf.org.

> One change I'd like to suggest has to do with the SPF results strings.
> RFC4408 presents these status strings in a specific case. RFC5451
> presents them in all-lowercase. Neither one explicitly says anything
> about whether or not consumers of the results need to test them in a
> case-sensitive manner, although in a roundabout way they're
> case-insensitive because ABNF (RFC5234) says so when case-sensitivity
> isn't expressly stated.
>
> Would it break any known implementations to change them to
> all-lowercase in the new RFC, just to be consistent with other things?

I read RFC 4234 (the predecessor revision of RFC 5234) before I went and
wrote the Mail::SPF Perl module under the assumption that the result
codes would be interpreted case-*in*sensitively exactly because RFC 4234,
section 2.3, "Terminal Values", said they would. Of course Mail::SPF is
not a *consumer* of SPF result codes, but only a producer (of Received-
SPF headers).

The most significant consumer of SPF result codes I can think of probably
is SpamAssassin. There are certainly others.

From my experience I strongly doubt any significant software packages
consuming SPF result codes do so in a case-sensitive manner, but of
course that's only a gut feeling.

-Julian



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/1311532-17d8a1ba
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311532&id_secret=1311532-f2ea6ed9
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311532&id_secret=1311532-bdbb122a&post_id=20110809165411:BAE38FCC-C2C9-11E0-AE1A-9E5C0AEDB587
Powered by Listbox: http://www.listbox.com
RE: Re: Case-sensitive status [ In reply to ]
> -----Original Message-----
> From: Julian Mehnle [mailto:julian@mehnle.net]
> Sent: Tuesday, August 09, 2011 1:54 PM
> To: spf-discuss@listbox.com
> Subject: [spf-discuss] Re: Case-sensitive status
>
> From my experience I strongly doubt any significant software packages
> consuming SPF result codes do so in a case-sensitive manner, but of
> course that's only a gut feeling.

Anybody from SA, or someone familiar with its code, on the list that can confirm this?


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/1311532-17d8a1ba
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311532&id_secret=1311532-f2ea6ed9
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311532&id_secret=1311532-bdbb122a&post_id=20110809170038:9E8196CA-C2CA-11E0-9C1F-D6682B7734FC
Powered by Listbox: http://www.listbox.com
Re: Case-sensitive status [ In reply to ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Murray S. Kucherawy wrote:

> Julian Mehnle wrote:
>
> > From my experience I strongly doubt any significant software packages
> > consuming SPF result codes do so in a case-sensitive manner, but of
> > course that's only a gut feeling.
>
> Anybody from SA, or someone familiar with its code, on the list that
> can confirm this?

I'm not familiar with the SpamAssassin code, but I looked anyway:

http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/SPF.pm?view=markup#l336

See the //i regexp option in line 355? It matches case-insensitively.

That is also the only file in the SA code base (as of 3.3.2) consuming
Received-SPF headers.

- -Julian

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAk5Bq/cACgkQwL7PKlBZWjthtACgvTVgNw0G9HwydyZfbzI94i2L
aFYAoPUBfioQlXCgVSRIRNxvNHaZAU3d
=CF7K
-----END PGP SIGNATURE-----


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/1311532-17d8a1ba
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311532&id_secret=1311532-f2ea6ed9
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311532&id_secret=1311532-bdbb122a&post_id=20110809175207:D262C7D2-C2D1-11E0-96F1-C984F97589C7
Powered by Listbox: http://www.listbox.com
Re: Re: Case-sensitive status [ In reply to ]
On Tuesday, August 09, 2011 05:51:51 PM Julian Mehnle wrote:
> Murray S. Kucherawy wrote:
> > Julian Mehnle wrote:
> > > From my experience I strongly doubt any significant software packages
> > > consuming SPF result codes do so in a case-sensitive manner, but of
> > > course that's only a gut feeling.
> >
> > Anybody from SA, or someone familiar with its code, on the list that
> > can confirm this?
>
> I'm not familiar with the SpamAssassin code, but I looked anyway:
>
>
> http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plug
> in/SPF.pm?view=markup#l336
>
> See the //i regexp option in line 355? It matches case-insensitively.
>
> That is also the only file in the SA code base (as of 3.3.2) consuming
> Received-SPF headers.

I checked pypolicyd-spf, which is the Postfix policy server for SPF I developed
and it does not make any assumptions about the case of the result code (it
downcases and then sets appropriate case to give a consistent presentation in
SPF Received headers, but that would be trivial to change).

I think it should be fine.

Scott K



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/1311532-17d8a1ba
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311532&id_secret=1311532-f2ea6ed9
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311532&id_secret=1311532-bdbb122a&post_id=20110809183137:5747B9DA-C2D7-11E0-856F-D1B372916A94
Powered by Listbox: http://www.listbox.com
Re: Re: Case-sensitive status [ In reply to ]
Hi there,

Just wondering if this talk about case impinges on e.g. non-Western
character sets in any way.

--

73,
Ged.



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/1311532-17d8a1ba
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311532&id_secret=1311532-f2ea6ed9
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311532&id_secret=1311532-bdbb122a&post_id=20110810045948:18933EF0-C32F-11E0-A005-AD765F398AE2
Powered by Listbox: http://www.listbox.com
Re: Case-sensitive status [ In reply to ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

G.W. Haywood wrote:

> Just wondering if this talk about case impinges on e.g. non-Western
> character sets in any way.

No. *Everything* is US-ASCII in SPF.

- -Julian

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAk5CrY8ACgkQwL7PKlBZWjtyMgCg+86DFOvOOloPRBQH4G+9Moju
+KcAniN53z+JwZqVqDtojLltRZa2X/ir
=BRl/
-----END PGP SIGNATURE-----


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/1311532-17d8a1ba
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311532&id_secret=1311532-f2ea6ed9
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311532&id_secret=1311532-bdbb122a&post_id=20110810121115:5C0E3888-C36B-11E0-8867-A17EE0BE23AC
Powered by Listbox: http://www.listbox.com
Re: Re: Case-sensitive status [ In reply to ]
On Wed, 10 Aug 2011, Julian Mehnle wrote:

>> Just wondering if this talk about case impinges on e.g. non-Western
>> character sets in any way.
>
> No. *Everything* is US-ASCII in SPF.

We ought to define an encoding to use for TXT records referenced by exp=

--
Stuart D. Gathman <stuart@bmsi.com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/1311532-17d8a1ba
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311532&id_secret=1311532-f2ea6ed9
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311532&id_secret=1311532-bdbb122a&post_id=20110810164729:F57A990A-C391-11E0-990F-E6843BE6D4E1
Powered by Listbox: http://www.listbox.com
Re: Re: Case-sensitive status [ In reply to ]
On Wednesday, August 10, 2011 04:47:06 PM Stuart D. Gathman wrote:
> On Wed, 10 Aug 2011, Julian Mehnle wrote:
> >> Just wondering if this talk about case impinges on e.g. non-Western
> >> character sets in any way.
> >
> > No. *Everything* is US-ASCII in SPF.
>
> We ought to define an encoding to use for TXT records referenced by exp=

I think that's SPF v 3 material.

Scott K


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/1311532-17d8a1ba
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311532&id_secret=1311532-f2ea6ed9
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311532&id_secret=1311532-bdbb122a&post_id=20110810173328:61D6EEE0-C398-11E0-90E0-C26894B0C590
Powered by Listbox: http://www.listbox.com
Re: Re: Case-sensitive status [ In reply to ]
On Wednesday, August 10, 2011 05:33:23 PM Scott Kitterman wrote:
> On Wednesday, August 10, 2011 04:47:06 PM Stuart D. Gathman wrote:
> > On Wed, 10 Aug 2011, Julian Mehnle wrote:
> > >> Just wondering if this talk about case impinges on e.g. non-Western
> > >> character sets in any way.
> > >
> > > No. *Everything* is US-ASCII in SPF.
> >
> > We ought to define an encoding to use for TXT records referenced by exp=
>
> I think that's SPF v 3 material.
>
Actually, since exp is a modifier, you could propose a new one, like exp-
encoded= and write an ID to define it.

Scott K


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/1311532-17d8a1ba
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311532&id_secret=1311532-f2ea6ed9
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311532&id_secret=1311532-bdbb122a&post_id=20110810175205:FB6CC370-C39A-11E0-A6D5-A96F62889A6B
Powered by Listbox: http://www.listbox.com
Re: Case-sensitive status [ In reply to ]
Murray S. Kucherawy wrote:

> in a roundabout way they’re case-insensitive because ABNF (RFC5234) says so when
> case-sensitivity isn’t expressly stated.

I use your mail as found in the list archive to test that I can in
fact send mail
to the list, threading will likely fail. Yes, ABNF is case-insensitive unless
folks go to the trouble and specify cases-sensitive strings in hex. notation.

> Would it break any known implementations to change them to all-lowercase in the
> new RFC, just to be consistent with other things?

It can't, because ABNF is case-insensitive ;-) There should be test
cases in the
test suite covering this point, in other words, it's mostly a question
of what is
better readable in 4408bis. In the prose I'd prefer the mixed case
"as is", but
wouldn't waste time with arguing if you think that this is confusing.
In the ABNF
I don't care, lower case instead of camel case is fine.

That part of the ABNF apparently only affects the Received-SPF header
field. Is
there any chance to get rid of this in 4408bis, e.g., with a pointer
to RFC 4408,
plus some "please use RFC 5451" blurb? Any "erratum" for Received-SPF should be
listed, I vaguely recall that this is the case, but this could be buried in some
"things you really do not more need to care about" appendix.

-Frank


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/1311532-17d8a1ba
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311532&id_secret=1311532-f2ea6ed9
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311532&id_secret=1311532-bdbb122a&post_id=20110811213714:98BF541A-C483-11E0-8F33-A4FA0A35BAA9
Powered by Listbox: http://www.listbox.com
RE: Re: Case-sensitive status [ In reply to ]
> -----Original Message-----
> From: Frank Ellermann [mailto:hmdmhdfmhdjmzdtjmzdtzktdkztdjz@gmail.com]
> Sent: Thursday, August 11, 2011 6:37 PM
> To: spf-discuss@listbox.com
> Subject: [spf-discuss] Re: Case-sensitive status
>
> > Would it break any known implementations to change them to all- lowercase in the
> > new RFC, just to be consistent with other things?
>
> It can't, because ABNF is case-insensitive ;-)

That doesn't mean people did it right. :-)

> There should be test cases in the
> test suite covering this point, in other words, it's mostly a question of what is
> better readable in 4408bis. In the prose I'd prefer the mixed case "as is", but
> wouldn't waste time with arguing if you think that this is confusing. In the ABNF
> I don't care, lower case instead of camel case is fine.

I think there's a risk people will/did implement it verbatim, missing the nuance that ABNF string comparisons are case-insensitive unless actual octets are specified.

> That part of the ABNF apparently only affects the Received-SPF header field. Is
> there any chance to get rid of this in 4408bis, e.g., with a pointer to RFC 4408,
> plus some "please use RFC 5451" blurb? Any "erratum" for Received-SPF should be
> listed, I vaguely recall that this is the case, but this could be buried in some
> "things you really do not more need to care about" appendix.

I just replied to this on apps-discuss, but basically if there's some reasonable demonstration that the world has largely dropped Received-SPF in favour of Authentication-Results, then such a change should probably be fine.

-MSK


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/1311532-17d8a1ba
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311532&id_secret=1311532-f2ea6ed9
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311532&id_secret=1311532-bdbb122a&post_id=20110811235516:E21D9D16-C496-11E0-8015-FC4DA21ABEC2
Powered by Listbox: http://www.listbox.com
Re: Re: Case-sensitive status [ In reply to ]
On Thursday, August 11, 2011 09:36:45 PM Frank Ellermann wrote:
> Murray S. Kucherawy wrote:
> > in a roundabout way they’re case-insensitive because ABNF (RFC5234) says
> > so when case-sensitivity isn’t expressly stated.
>
> I use your mail as found in the list archive to test that I can in
> fact send mail
> to the list, threading will likely fail. Yes, ABNF is case-insensitive
> unless folks go to the trouble and specify cases-sensitive strings in hex.
> notation.
>
> > Would it break any known implementations to change them to all-lowercase
> > in the new RFC, just to be consistent with other things?
>
> It can't, because ABNF is case-insensitive ;-) There should be test
> cases in the
> test suite covering this point, in other words, it's mostly a question
> of what is
> better readable in 4408bis. In the prose I'd prefer the mixed case
> "as is", but
> wouldn't waste time with arguing if you think that this is confusing.
> In the ABNF
> I don't care, lower case instead of camel case is fine.
>
> That part of the ABNF apparently only affects the Received-SPF header
> field. Is
> there any chance to get rid of this in 4408bis, e.g., with a pointer
> to RFC 4408,
> plus some "please use RFC 5451" blurb? Any "erratum" for Received-SPF
> should be listed, I vaguely recall that this is the case, but this could
> be buried in some "things you really do not more need to care about"
> appendix.

I wrote a reply to this once already, but my phone appears to have eaten it.

My intent is to mark Received-SPF deprecated in 4408bis and SHOULD
authentication-results to give implementors a clear signal what they should be
doing. Removal is inconsistent with the backwards compatibility goal for the
effort. In general deprecated for one update cycle before removal is a good
practice and I think we should follow it.

In IETF terms it would be odd to argue for removal of a widely deployed
feature, AIUI.

Scott K


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/1311532-17d8a1ba
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311532&id_secret=1311532-f2ea6ed9
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311532&id_secret=1311532-bdbb122a&post_id=20110812000815:B231564A-C498-11E0-9CF2-D49B74E9B5DF
Powered by Listbox: http://www.listbox.com
Re: Re: Case-sensitive status [ In reply to ]
On 12 August 2011 05:55, Murray S. Kucherawy wrote:

> basically if there's some reasonable demonstration that the world has
> largely dropped Received-SPF in favour of Authentication-Results, then
> such a change should probably be fine.

Sadly I can't produce that, it must be hidden in the ominously missing
[2009] entry on <URL:http://www.openspf.org/auth/Research>. I get mails
from the SPF "discuss" list and can edit SPF wiki pages, but I have not
yet checked if I perhaps missed any "nobody uses Received-SPF anymore"
info.

Seriously, okay, I can forget any vague idea to smuggle EAI into 4408bis
even if that would be possible (unlikely).

-Frank


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/1311532-17d8a1ba
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311532&id_secret=1311532-f2ea6ed9
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311532&id_secret=1311532-bdbb122a&post_id=20110812002101:76058B30-C49A-11E0-BC6C-8F93AB2B30B9
Powered by Listbox: http://www.listbox.com
Re: Case-sensitive status [ In reply to ]
Murray S. Kucherawy wrote:

> > > Would it break any known implementations to change them to all-
> > > lowercase in the new RFC, just to be consistent with other things?
>
> [...]
>
> > There should be test cases in the test suite covering this point,

No, the RFC 4408 test suite doesn't test for "Received-SPF" header
generation (which is the only aspect of SPF that *outputs* result names).

> > [...]
>
> I think there's a risk people will/did implement it verbatim, missing
> the nuance that ABNF string comparisons are case-insensitive unless
> actual octets are specified.

The possibility certainly exists, however there's also the "be tolerant in
what you accept" principle, which probably caused most implementors to
handle result names case insensitively.

> > That part of the ABNF apparently only affects the Received-SPF header
> > field. Is there any chance to get rid of this in 4408bis, e.g., with
> > a pointer to RFC 4408, plus some "please use RFC 5451" blurb? Any
> > "erratum" for Received-SPF should be listed, I vaguely recall that
> > this is the case, but this could be buried in some "things you really
> > do not more need to care about" appendix.
>
> I just replied to this on apps-discuss, but basically if there's some
> reasonable demonstration that the world has largely dropped
> Received-SPF in favour of Authentication-Results, then such a change
> should probably be fine.

I think the best way to deal with the "Received-SPF" header in 4408bis is
to define its grammar for implementors who would like to *parse* it, but
then say that it SHOULD NOT be generated and that "Authentication-Results"
SHOULD be generated instead.

-Julian



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/1311532-17d8a1ba
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311532&id_secret=1311532-f2ea6ed9
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311532&id_secret=1311532-bdbb122a&post_id=20110812004104:488BEDA4-C49D-11E0-97F6-EB6BC3389506
Powered by Listbox: http://www.listbox.com
Re: Case-sensitive status [ In reply to ]
Frank Ellermann wrote:

> On 12 August 2011 05:55, Murray S. Kucherawy wrote:
> > basically if there's some reasonable demonstration that the world has
> > largely dropped Received-SPF in favour of Authentication-Results,
> > then such a change should probably be fine.
>
> Sadly I can't produce that, it must be hidden in the ominously missing
> [2009] entry on <URL:http://www.openspf.org/auth/Research>. [...]

For the benefit of all, that is:

http://www.openspf.org/Research

(Remember to remove the "auth/" part from those URLs.)

-Julian



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/1311532-17d8a1ba
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311532&id_secret=1311532-f2ea6ed9
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311532&id_secret=1311532-bdbb122a&post_id=20110812004411:B6A4CC84-C49D-11E0-A8FC-CE421685FA58
Powered by Listbox: http://www.listbox.com
Re: Re: Case-sensitive status [ In reply to ]
On 12 August 2011 06:44, Julian Mehnle <julian@mehnle.net> wrote:

> (Remember to remove the "auth/" part from those URLs.)

ACK, I vaguely recall that this ends up on a page explaining what
went wrong. Too bad that Received-SPF isn't covered in the test
suite, but your (plural) proposals how to tackle it with a SHOULD
in 4408bis are good.

-Frank


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/1311532-17d8a1ba
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311532&id_secret=1311532-f2ea6ed9
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311532&id_secret=1311532-bdbb122a&post_id=20110812005246:E9C7AB62-C49E-11E0-9399-C76E9C1ABC10
Powered by Listbox: http://www.listbox.com
Re: Re: Case-sensitive status [ In reply to ]
On 12.08.2011 06:40, Julian Mehnle wrote:
> I think the best way to deal with the "Received-SPF" header in 4408bis is
> to define its grammar for implementors who would like to *parse* it, but
> then say that it SHOULD NOT be generated and that "Authentication-Results"
> SHOULD be generated instead.

I'd be even more conservative. That is, if an application handles A-R
fields, then it should produce those instead of Received-SPF. Otherwise, it
may use the latter to communicate results to a downstream agent. This way,
programmers should read RFC 5451 if they want to implement it, not just
blindly replace a header field with another.

jm2c



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/1311532-17d8a1ba
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311532&id_secret=1311532-f2ea6ed9
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311532&id_secret=1311532-bdbb122a&post_id=20110813140736:1E8EBCA8-C5D7-11E0-8536-CFC6286C69BD
Powered by Listbox: http://www.listbox.com
Re: Re: Case-sensitive status [ In reply to ]
On 13 August 2011 20:07, Alessandro Vesely wrote:

> I'd be even more conservative.

Good point, Authentication-Results in conflict with Received-SPF
would indicate that something might be not as it should be.

It could be a "sound" side effect of different DNS queries while
processing the same mail, but more likely this is simply a "bug".

-Frank


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/1311532-17d8a1ba
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311532&id_secret=1311532-f2ea6ed9
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311532&id_secret=1311532-bdbb122a&post_id=20110813144513:5F39CE3C-C5DC-11E0-A7AC-A89847E91F03
Powered by Listbox: http://www.listbox.com
Re: Re: Case-sensitive status [ In reply to ]
Hi Frank!

On 13.08.2011 20:44, Frank Ellermann wrote:
> On 13 August 2011 20:07, Alessandro Vesely wrote:
>
>> I'd be even more conservative.
>
> Good point, Authentication-Results in conflict with Received-SPF
> would indicate that something might be not as it should be.

Lack of inter-agent communication, unless Received-SPF had a TempError.

For an example, Courier-MTA doesn't put an A-R field, but puts Received-SPF
if properly configured; a filter that implements RFC 5451 can ease its job by
reading any existing Received-SPF. E.g., zdkimfilter operates this way,
without implementing check_host, but possibly adding other results.

Implementing RFC 5451 requires to choose an "authserv-id" and to filter any
existing, possibly spurious A-R fields that bear the same token. It is no
rocket science, but may need to be coordinated with any existing agent that
already sets A-R fields (most commonly, for DKIM / DomainKeys checks.)



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/1311532-17d8a1ba
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311532&id_secret=1311532-f2ea6ed9
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311532&id_secret=1311532-bdbb122a&post_id=20110814041012:D19D25C6-C64C-11E0-9D98-FCCD64354893
Powered by Listbox: http://www.listbox.com