Re: [spfbis] RFC6147 and RFC7208 interoperability issues

John Levine <johnl@taugh.com> Mon, 07 February 2022 15:48 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/spfbis/mongUcFbKOP0zGK7-9CWNZTyOZY>

It appears that Scott Kitterman  <spf2@kitterman.com> said:
>Reading RFC 7050, it looks like ipv4only.arpa can return more than one name.  
>That would seem to be a complication if I'm reading it correctly.
>
>As a practical matter, it probably doesn't matter, but RFC 7050 doesn't update 
>RFC 6147, so in theory other prefix determination methods could be used.
>
>I guess the ::ffff:0:0/96 (IPv4-mapped Address) prefix should be considered 
>similarly.
>
>Is there enough here that it would be worth an Applicability Statement?

On the one hand, I think the implementation would be quite easy.  When the SPF
library receives an external IPv6 address to check, it does the ipv4only
lookup and if the prefix on the address is one of the mapped ones, it
rewrites the IPv6 address to the corresponding IPv4 address and passes it
along to the rest of the SPF code.

On the other hand, since this is the first time in fifteen years that anyone
has run into this, I don't think it's worth fixing.  If you want to put a
mail server behind DNS64, you're on your own.

R's,
John
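
The rewrite step described in the message above, as an added example that is not part of the original post and is not code from any SPF library. The function names are hypothetical, and the ipv4only.arpa AAAA answers are constructed sample data standing in for the live lookup; prefix discovery follows RFC 7050 and the address layout follows RFC 6052.

```python
import ipaddress

# RFC 7050 well-known IPv4 addresses that ipv4only.arpa resolves to.
WKA = {ipaddress.IPv4Address("192.0.0.170"), ipaddress.IPv4Address("192.0.0.171")}
# RFC 6052 prefix lengths, tried longest first.
PREFIX_LENGTHS = (96, 64, 56, 48, 40, 32)

# Constructed AAAA answers for ipv4only.arpa, as a DNS64 resolver might
# synthesize them (well-known prefix plus a documentation-range /48).
SAMPLE_AAAA = ["64:ff9b::c000:aa", "64:ff9b::c000:ab", "2001:db8:64:c000:0:aa00::"]

def embedded_ipv4(addr6, plen):
    """Extract the IPv4 address RFC 6052 embeds after a prefix of plen bits."""
    raw = addr6.packed
    body = raw[:8] + raw[9:]  # skip the reserved "u" octet (bits 64-71)
    off = plen // 8 if plen <= 64 else plen // 8 - 1
    return ipaddress.IPv4Address(body[off:off + 4])

def discover_prefixes(aaaa_answers):
    """Derive the NAT64 prefixes by locating a well-known address in each answer."""
    prefixes = set()
    for text in aaaa_answers:
        addr6 = ipaddress.IPv6Address(text)
        for plen in PREFIX_LENGTHS:
            if embedded_ipv4(addr6, plen) in WKA:
                prefixes.add(ipaddress.IPv6Network((addr6, plen), strict=False))
                break
    return prefixes

def normalize_client_ip(ip_text, prefixes):
    """Return the address the SPF evaluation should use for this client."""
    addr = ipaddress.ip_address(ip_text)
    if addr.version == 4:
        return addr
    if addr.ipv4_mapped is not None:  # ::ffff:0:0/96, raised in the quoted text
        return addr.ipv4_mapped
    for net in prefixes:
        if addr in net:  # rewrite only under a prefix learned from the lookup
            return embedded_ipv4(addr, net.prefixlen)
    return addr  # native IPv6 client: evaluate ip6/AAAA mechanisms as usual

PREFIXES = discover_prefixes(SAMPLE_AAAA)

if __name__ == "__main__":
    for ip in ("64:ff9b::c633:6419", "2001:db8:64:c633:64:1900::", "2001:db8:1::25"):
        print(ip, "->", normalize_client_ip(ip, PREFIXES))
```

The rewrite is limited to prefixes learned from the resolver's own ipv4only.arpa answer, so an address outside them is never reinterpreted as IPv4.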