Re: [spfbis] Result of record evaluation with non-implemented mechanism
Alessandro Vesely <vesely@tana.it> Thu, 14 January 2016 20:50 UTC
Return-Path: <vesely@tana.it>
X-Original-To: spfbis@ietfa.amsl.com
Delivered-To: spfbis@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C98FC1ACD6E for <spfbis@ietfa.amsl.com>; Thu, 14 Jan 2016 12:50:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.423
X-Spam-Level:
X-Spam-Status: No, score=-2.423 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9R8COtlgzfbE for <spfbis@ietfa.amsl.com>; Thu, 14 Jan 2016 12:50:38 -0800 (PST)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8631A1ACD61 for <spfbis@ietf.org>; Thu, 14 Jan 2016 12:50:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=beta; t=1452804635; bh=HhjHrcoSmHVKgU0i+p9r8Wbo+/q2DiWDlwKGfRyyalM=; l=1629; h=To:References:From:Date:In-Reply-To; b=XmQr3Pn7i6y50KZy62N90e+NX+tSqsXLFLg9FzF6GIsSjPCPQJSbX62rHZZ/cEuVG kCftbm3mtPqqvs9SMKMDL61IL1FCsHAFXdygPMcLXxFORbQx/QFthXScvYf3LheGfm m4NFOpu+JX9L17HrsxQGDQb4Nk36JCDW19jmGC4k=
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [172.25.197.88] (pcale.tana [172.25.197.88]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k) by wmail.tana.it with ESMTPA; Thu, 14 Jan 2016 21:50:34 +0100 id 00000000005DC059.0000000056980A1A.000055A0
To: S Moonesamy <sm+ietf@elandsys.com>, spfbis@ietf.org
References: <5695253F.6060702@tana.it> <6.2.5.6.2.20160114071739.0e0ec630@resistor.net>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <56980A1A.2090603@tana.it>
Date: Thu, 14 Jan 2016 21:50:34 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.5.0
MIME-Version: 1.0
In-Reply-To: <6.2.5.6.2.20160114071739.0e0ec630@resistor.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/spfbis/c-292eS1PLVSby8pUBrrLim-LTg>
Subject: Re: [spfbis] Result of record evaluation with non-implemented mechanism
X-BeenThere: spfbis@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SPFbis discussion list <spfbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spfbis>, <mailto:spfbis-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spfbis/>
List-Post: <mailto:spfbis@ietf.org>
List-Help: <mailto:spfbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spfbis>, <mailto:spfbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Jan 2016 20:50:40 -0000
Hi SM,
On Thu 14/Jan/2016 16:36:41 +0100 S Moonesamy wrote:
> At 08:09 12-01-2016, Alessandro Vesely wrote:
>>
>> NEW
>> When a mechanism is evaluated, one of three things can happen: it can
>> match, not match, or return an exception. Non-implemented mechanisms
>> MUST NOT return an exception.
>>
>> Better ideas?
>
> The suggested text is about non-implemented mechanisms. There is a "do not
> use" mechanism. Would that be a non-implemented mechanism? There isn't an
> explanation for the "MUST NOT" in the suggested text.
Yeah, that would have been a bit freaky. Yet, a cute evaluator could optimize
an evaluation in some ways. Consider a record ending like so:
... ?exists:%{ir}.blah ?all
There is no reason to evaluate the exists.
Now what if you had:
... ?exists:%{ir}.blah -all
Suppose you know your internal policy only differentiates between "pass" and
"not-pass". Getting "neutral" or "fail" wouldn't make a real difference,
except for the formal result name that you write on reports. Does it really
hurt to put "none" as in "nothing relevant here"? The note at the end of
Section 4.8 seems to allow some leeway in the reported result, but only for
malformed names.
There are some other head-scratchers before the example in the first bullet of
Appendix D.1 can be used in practice. One is the query quota that a whitelist
may impose.
Let me use this post as an occasion to apologize to Google for having wrongly
imagined that their implementation skips proper evaluation of mechanisms. In
fact, the resulting DNS queries fail precisely because it doesn't.
Ale
- [spfbis] Result of record evaluation with non-imp… Alessandro Vesely
- Re: [spfbis] Result of record evaluation with non… Scott Kitterman
- Re: [spfbis] Result of record evaluation with non… S Moonesamy
- Re: [spfbis] Result of record evaluation with non… Tim Draegen
- Re: [spfbis] Result of record evaluation with non… Alessandro Vesely
- Re: [spfbis] Result of record evaluation with non… Alessandro Vesely