[dev] [commits] Horde branch develop updated. 2cd26a26e02a3c15e50c6a7bbf2f59397288f9bf

Jan Schneider jan at horde.org
Wed Aug 29 19:25:21 UTC 2012 

Zitat von Michael M Slusarz <slusarz at horde.org>:

> Quoting Jan Schneider <jan at horde.org>:
>
>> Zitat von Michael M Slusarz <slusarz at horde.org>:
>>
>>> Quoting Jan Schneider <jan at horde.org>:
>>>
>>>> It's not about false negatives but false positives, which we care  
>>>> about in this our use case. See my committed test.
>>>
>>> This test is wrong:
>>>
>>>       $address3 = new Horde_Mail_Rfc822_Address('Test  
>>> <test at example.co.uk>');
>>> [...]
>>>       $this->assertFalse($address3->matchDomain('co.uk'));
>>>
>>> This should be:
>>>
>>>       $this->assertTrue($address3->matchDomain('co.uk'));
>>>
>>> The address "test at example.co.uk" is in the domain "co.uk".  So  
>>> matchDomain('co.uk') SHOULD return true. 'example.co.uk' is, by  
>>> definition, a subdomain of 'co.uk'.  From RFC 1034:
>>>
>>> "A domain is a subdomain of another domain if it is contained  
>>> within that domain."
>>>
>>> Put another way:
>>>
>>> $address = new Horde_Mail_Rfc822_Address('Test <test at example.com>');
>>> $this->assertTrue($address->matchDomain('com'));
>>>
>>> 'com' is a perfectly valid domain.  And 'example.com' is in the  
>>> 'com' domain.
>>
>> Granted, this is technically correct. But isn't the use-case to  
>> verify if an address is from a domain that can be "owned"?
>
> No.  The use case is whatever the consumer wants it to be.
>
> In the case of IMP, we are now allowing the auto-accept itip code to  
> use a list of user-defined domains to treat as trusted.  So it is up  
> to the admin to determine what consists of a user-defined domain.   
> Theoretically, if an admin wants to allow all 'co.uk' domains, they  
> should be allowed to do this (and the documentation should  
> sufficiently put them on notice that this is what the code will do).

Okay, I misunderstood that we would determine the allowance of itip  
updates from the user's email domain(s).

> Regardless, we shouldn't be in the business of trying to research  
> and determine what consists a TLD, or-pseudo TLD in the 'co.uk'  
> situation.  Another example: several (all?) of the U.S. states "own"  
> domains of the form 'state.XX.us'.  It should not be our duty to  
> research, and then maintain, this sort of "special" domain list.
>
> michael
>
> ___________________________________
> Michael Slusarz [slusarz at horde.org]


-- 
Jan Schneider
The Horde Project
http://www.horde.org/

More information about the dev mailing list