On May 28, 2018, at 1:42 AM, Neal H. Walfield <neal(_at_)walfield(_dot_)org>
wrote:
On Mon, 28 May 2018 04:06:59 +0200,
Jon Callas wrote:
Moreover, there's a regular expression helpfully defined in Section
8 that is a pretty bog-simple language
Implementing regular expression support might be bog-simple, but I
think it is still orders of magnitude more complicated than just a
list of domains. And, I think, the general lack of support for this
feature is strong evidence that this is the case.
Thus, it seems to me, that making the complicated theoretically
possible has made the simple practically impossible. That's
unfortunate.
Do you know of any examples where a list of domains is not sufficient?
As I alluded to in my previous missive, I think that a list of domains is
harder than you think. My experience in dealing with other domain-based PKI
leads me right there.
Does “example.com” match “mail.example.com”? Either yes or no is completely
reasonable. Does “*.example.com” (which obviously matches “mail.example.com")
match “example.com”? In this case, I think that the answer is yes, but gentle
persons can disagree. I’d just roll my eyes if you said no, because yeah, sure,
there’s no problem in having your list of domains have both “example.com” and
“*.example.com” to be explicit about it. I see the point.
Matching domains in the general case has all sorts of other weird edge cases
especially in CCTLDs because many CCTLDs don’t issue anything on the bare
country code. For example, for many years you couldn’t get “example.uk” but you
could get “example.co.uk”. In any event, some CCTLDs allow a bare country code
and some don’t. Do you take this into account in your list of domains? I think
that an answer that is “whatever you put there is what we do” is a great
answer, but there are people who will disagree. What about trailing dots on a
domain? How are they handled?
I believe that a list of domains is harder than you think. Whatever decisions
you make on the edge conditions of domains are something you yourself can do so
that when I type in a list of domains, your interpretations will correctly be
coded into it and that someone else will interpret them in the way you did.
Go look at the definition of regular expressions in RFC 4880. It’s basically
just a paragraph. With my tongue partially in my cheek, I bet you can’t sort
out what “list of domains” means in all the edge cases in less text than that
definition of regular expressions. That is the reason that working group
consensus went to the trouble of finding a minimal, utterly no-IP definition of
a regular expression. It’s in a very real sense simpler than just about
anything else.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp