This one is ... interesting, in a pedantic sort of way.
The current ABNF is clearly incorrect; the question is how best to fix it.
The simplest fix is:
spf-rp-tag = "rp=" 1*3DIGIT
This conforms to the ABNF used for similar percentage values
in related specifications. For example RFC 7489 defines pct as:
dmarc-percent = "pct" *WSP "=" *WSP
1*3DIGIT
Even though the pct value is restricted in the text to the
same 0-100 range as is allowed here.
But this allows values outside the allowed range, as well as leading zeros. The
fix suggested in the report restricts things to the allowed range:
spf-rp-tag = "rp=" "100" / 1*2DIGIT
But it doesn't deal with the leading zero issue. And it now disallows things
like "001" that were allowed before, and which do specify an in-range value.
If you also want to eliminate leading zeros, then you need something like:
spf-rp-tag = "rp=" ("100" / ([%x31-39] DIGIT))
Of course there are other ways to do it, but I don't think there are
any that involve fewer terminals.
As to what implementations do, my guess is most call whatever integer parser
they have handy, and then check to see if the result is in range. This probably
means they are tolerant of leading zeros - although I guess it's faintly
possible that a value with a leading zero will be interpreted in base 8 - and
some probably allow a leading +/-.
And finally, there's the question of whether this is a correction or an update.
I think 1*3DIGIT clearly qualifies as a correction given that's what is in other
RFCs, but the more restrictive you get the closer you are to this being
an update.
Anyway, my recommendation is to go with 1*3DIGIT for now, although I don't
feel strongly about it.
Ned
> The following errata report has been submitted for RFC6652,
> "Sender Policy Framework (SPF) Authentication Failure Reporting Using the
> Abuse Reporting Format".
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid6579
> --------------------------------------
> Type: Technical
> Reported by: Benjamin Schwarze <[email protected]>
> Section: 3.
> Original Text
> -------------
> spf-rp-tag = "rp=" 1*12DIGIT "/" 1*12DIGIT
> Corrected Text
> --------------
> spf-rp-tag = "rp=" "100" / 1*2DIGIT
> Notes
> -----
> As explained in paragraph 3, the value of the "rp" modifier should be an
> integer value between 0 and 100. However, the specified abnf does not fit this
> requirement.
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party
> can log in to change the status and edit the report, if necessary.
> --------------------------------------
> RFC6652 (draft-ietf-marf-spf-reporting-11)
> --------------------------------------
> Title : Sender Policy Framework (SPF) Authentication Failure
> Reporting Using the Abuse Reporting Format
> Publication Date : June 2012
> Author(s) : S. Kitterman
> Category : PROPOSED STANDARD
> Source : Messaging Abuse Reporting Format
> Area : Applications
> Stream : IETF
> Verifying Party : IESG
> _______________________________________________
> marf mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/marf
_______________________________________________
marf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/marf
