Re: [spfbis] Question regarding RFC 7208

"John Levine" <johnl@taugh.com> Sun, 22 July 2018 20:08 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: spfbis@ietfa.amsl.com
Delivered-To: spfbis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6937A130EC6 for <spfbis@ietfa.amsl.com>; Sun, 22 Jul 2018 13:08:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.751
X-Spam-Level:
X-Spam-Status: No, score=-1.751 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=zSlnsWlz; dkim=pass (1536-bit key) header.d=taugh.com header.b=AsVmYKnt
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h7ixfKffBaqx for <spfbis@ietfa.amsl.com>; Sun, 22 Jul 2018 13:08:17 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0D62131002 for <spfbis@ietf.org>; Sun, 22 Jul 2018 13:08:16 -0700 (PDT)
Received: (qmail 74380 invoked from network); 22 Jul 2018 20:08:15 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=1228a.5b54e42f.k1807; bh=m7GDH5KuSpTwInCJRh+t6wQWSc5Fd/ePa4d/yFYFLfU=; b=zSlnsWlzBOSXaBxS11HB+0JciTOvZ6BQBPQHny8rKkI//l8UWmkU7AKLhXhZgxnLu68IOzj9wRCM3xqmNc+7YoIT0g3+0tZ1v6xq7MDfd3UiiAAUj/904hcmUWevRlJofbUV1sjSRsh5GexYM4v955mjB8K8+yKSzw43iZq259mmCLUniDLc3lkjtd4jLeC8Sg3ju3VeaDQfNdP2stzzKO8CA9+3Y4QSO53+hfptJXoXWknoWrggqwcARr5BJDzL
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=1228a.5b54e42f.k1807; bh=m7GDH5KuSpTwInCJRh+t6wQWSc5Fd/ePa4d/yFYFLfU=; b=AsVmYKnts+sIdQJWZvn9QHuuO9DsNmm0LMMXjeCh0oq5+kZi0jvN95fOPuyRom4p+/Zk1dDNZ+Kk4qph6Cr6T1zWM2BGjWtWwCYslOv0MSCKMrJVXf35KyuzK6Wj1aRhYxy8mSsUXYzF0LGDt0VIG8HEG80Aq18XcUloiWdPn51qJAZnjd2zI6rD07XA11BbqB0B9AwKQF6V6ZB1us6Zh+Jl3xM/g2Osqlrxkspo4ACCMNLt7uUvoFmxRc5KUdUV
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 22 Jul 2018 20:08:15 -0000
Received: by ary.qy (Postfix, from userid 501) id 1E20220028DCC1; Sun, 22 Jul 2018 16:08:14 -0400 (EDT)
Date: 22 Jul 2018 16:08:14 -0400
Message-Id: <20180722200815.1E20220028DCC1@ary.qy>
From: "John Levine" <johnl@taugh.com>
To: spfbis@ietf.org
Cc: poccil14@gmail.com
In-Reply-To: <5b54da0b.1c69fb81.14020.81f2@mx.google.com>
Organization: Taughannock Networks
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/spfbis/l8WgQ6qaYA5EdPA4WYZM67IQwxg>
Subject: Re: [spfbis] Question regarding RFC 7208
X-BeenThere: spfbis@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: SPFbis discussion list <spfbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spfbis>, <mailto:spfbis-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spfbis/>
List-Post: <mailto:spfbis@ietf.org>
List-Help: <mailto:spfbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spfbis>, <mailto:spfbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Jul 2018 20:08:18 -0000

In article <5b54da0b.1c69fb81.14020.81f2@mx.google.com>; you write:
>An ABNF like the following would better follow practice in implementations.
>
>    header-field     = "Received-SPF:" [CFWS] result [ FWS comment ]
>                          [ FWS key-value-list ] [FWS] CRLF

While we can have a theological argument about whether the problem is
that the spec doesn't describe the protocol or the programmers didn't follow
the spec, I agree that this ABNF seems more likely to match what people would
consider to be reasonable syntax.


>Is a header field parser allowed to be so robust as to use the latter ABNF to parse the Received-SPF header field?  Is a correction to use that ABNF within the scope of an erratum to RFC 7208?

We are not the protocol police.  You can do whatever you want.
Adjusting your code to handle common benign sender mistakes is often a
good idea.

>(In addition, many cases I've seen include an IPv6 address in the client-ip parameter, which includes colons, without that address being a "quoted-string"
>or fitting the production "dot-atom".  But this issue can wait until I get answers on the main issue I raised in this message.)

I think that's a bug in the spec, due to forgetting that dot-atom doesn't include colons.

R's,
John