This weekend, Julian stumbled upon what I think is a clear error in
RFC4408.

Section 8.1. "Macro Definitions" says, in part:

   Uppercased macros expand exactly as their lowercased equivalents, and
   are then URL escaped.  URL escaping must be performed for characters
   not in the "uric" set, which is defined in [RFC3986].

Unfortunately, the "uric" part is wrong.

First, there is the minor point that the update from RFC2396 to RFC3986
deprecated <uric>, and RFC3986 only mentiones it in an appendix.

Then there is the minor point that "uric" is not a character set, but
rather a set of strings.

The major point, however, is that this never should have been "uric"
but instead it should have been "unreserved".  "Unreserved" is
actually a character set and it is what Meng's original M:S:Q, libspf
and libspf2 all use.

*sigh*

Well, actually, those three SPF implementations use the RFC2396
definition of "unreserved", that changed slightly in RFC3986.  This
change was deliberate, see:

http://www.greenbytes.de/tech/webdav/draft-fielding-uri-rfc2396bis-04.html#modifications

This explanation was deleted in the -05 revision of the I-D and not
even a mention that things changed made it into the final RFC. :-<

Looking through the spf-discuss archive, I see that Frank *did*
mention that RFC3986 no longer had "uric", but both times they were in
relation to other topics and I missed the point.  At no time did
anyone point out that we shouldn't be using "uric" at all.

Ok, before I list this as an official erratum/errata/whatever, do
people agree that this is really an error in the RFC?

-wayne