On Thu, Nov 08, 2018 at 07:59:24AM +0100, Werner Koch wrote:
On Thu, 8 Nov 2018 02:25, sandals(_at_)crustytoothpaste(_dot_)net said:
I definitely agree that lowercasing the address is wrong. The RFCs say
that the local part is case sensitive, and there are many case-sensitive
systems on the Internet today.
Please tell me a single public accessible system which is
case-sensitive. Ask any non-hacker about mail addresses; almost
everyone enters mail addresses in whatever case they like. I have seen
many business cards which spell Joe(_dot_)Hacker(_at_)example(_dot_)org
despite that the
canonical address is joe(_dot_)hacker(_at_)example(_dot_)org. See also the
OpenPGP DANE
RFC for this.
My mail system is case sensitive.
Even ignoring me as an example, there's now SMTPUTF8, which means that
case folding is nontrivial. Turkish has a dotted I and dotless I, and
case folding a Turkish email address in the traditional ASCII way could
produce invalid results even if the system is case-insensitive. Greek
sigma case folds differently depending on position. Moreover, I expect
some SMTPUTF8-capable systems don't case fold non-ASCII characters.
Even if you think this is not an issue, RFC 5321 requires that the
local-part "MUST be…assigned semantics only by the host specified", and
we should not knowingly violate other IETF RFCs in writing our own.
This is a MUST directive; it is not optional.
If you adopted Ian Jackson's suggestion to not hash the name, then case
sensitivity wouldn't be a concern; you could simply choose to let the
remote system accept whichever case you wanted.
--
brian m. carlson: Houston, Texas, US
OpenPGP: https://keybase.io/bk2204
signature.asc
Description: PGP signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp