cisagov / trustymail

Scan domains and return data based on trustworthy email best practices
Creative Commons Zero v1.0 Universal
189 stars 31 forks

updated RFC 4408 citation to RFC 7208 and added link in README #137

Open chrislandis opened 1 year ago

chrislandis commented 1 year ago

🗣 Description

This pull request updates the README's RFC 4408 citation to RFC 7208 and adds a link thereto.

💭 Motivation and context

We do not want trustymail documentation (or code) to cite superseded references. RFC 7208 superseded RFC 4408. Resolves #136.

🧪 Testing

After making the change to the README, I pushed the change to my forked repo and could proof-read the text and test the link from there.

✅ Pre-approval checklist

chrislandis commented 1 year ago

> Before we change the documentation, has the code been verified to conform to 7208? RFC 4408 was experimental and there are likely to have been changes in the proposed standard (RFC 7208). If this was originally written against 4408, then before we claim it checks records in accordance with 7208 we should make sure that is the case.

Great point, @mcdonnnj! In my look at the code (which was not a thorough verification), I did not happen to see any way in which trustymail acted contrary to RFC 7208; however, I did not conduct a full analysis to ensure that there were no missing actions. In other words, to achieve a formal verification, we would need to ensure both soundness (that trustymail acts strictly within the SPF specification, not doing extra stuff related to SPF) and completeness (that trustymail does everything in the SPF specification).

There are various courses of action that we could take from here in support of this verification.