ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] Possible ambiguity in description of regular expressions: [^][]

2021-01-08 18:08:32
from [Ángel] [Permanent Link] 
On 2021-01-08 at 16:55 +0000, Andrew Gallagher wrote:

It strikes me that regexes are an overengineered solution to a
narrow use case, and that a simple *? globbing language would be more
than sufficient. Is anything more complex than <*@*.example.com>
required in the real world?


That's a good point. It indeed looks as overengineered, but I'm not
aware of the dicussion that led to that being included.

I would probably include {} alternatives, to cover multiple tlds, so
resusing my previous example, that could be expressed as:
 "*@protonmail.{com,ch}>"

but I don't think that is required if the same can be expressed with
multiple subpackets.
Note that currently it isn't specified what happens if multiple Regular
Expression subpackets are present.

Only signatures by the target key on User IDs that match the regular
expression in the body of this packet have trust extended by the
trust Signature subpacket.


If I made a signature with by TWO Regular Expressions
".*@andrewg.com>$" and "Andrew.*", would that cover user ids matching
ANY of them, or only those matched by BOTH?


If a new "Globbing expression" subpacket was added, allowing user ids
covering any of them would be a simple solution (and probably cleaner
as well) to not require that {}


Another fine point would be if * should expand across dots or,
following the same rulesprecedent as SSL certificates not expand
through several labels (see rfc6125 section-6.4.3 rule 2)


Finally, another point to consider would be whether to match only the
email address portion. Yes, User ID could contain something else, but
this delegation of partial trust only seem useful when combined with a
hierarchical structure, such as those to be found on the email address
part. It seems rare to require a matching on the display name part.
And allowing that would greatly decrease its security. Basically a
wildcard not on the left-most side could be bypassed by including the
required characters on the display name.


Best regards

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] Possible ambiguity in description of regular expressions: [^][], Andrew Gallagher
Next by Date:  Re: [openpgp] Possible ambiguity in description of regular expressions: [^][], Daniel Kahn Gillmor
Previous by Thread:  Re: [openpgp] Possible ambiguity in description of regular expressions: [^][], Andrew Gallagher
Next by Thread:  Re: [openpgp] Possible ambiguity in description of regular expressions: [^][], Daniel Kahn Gillmor
Indexes:  [Date] [Thread] [Top] [All Lists]