[Top] [All Lists]

Re: RFC 3280 error WRT rfc822Name

2002-09-17 15:37:05

Steve Hanna wrote:

In section, RFC 3280 (and RFC 2459) says:

  Note that while upper and lower case letters are allowed in an
  RFC 822 addr-spec, no significance is attached to the case.

But RFC 822 says:

       The only syntactic units which requires preservation of
       case information are:

                   -  text
                   -  qtext
                   -  dtext
                   -  ctext
                   -  quoted-pair
                   -  local-part, except "Postmaster"

       When matching any other syntactic unit, case is to be ignored.

And RFC 2821 (the successor to RFC 821 and the companion
to RFC 2822, which obsoletes RFC 822) is more explicit:

  The local-part of a mailbox MUST BE treated as case sensitive.

I have spoken to a few people about this and the consensus
seems to be that RFC 3280 is wrong. When matching email
addresses (such as when processing name constraints during
certificate path validation), the local-part component of
an email address must be treated as case-sensitive.

If the members of these lists don't agree with this analysis,
please speak up. Otherwise, I expect that this will be fixed
in the successor to RFC 3280. Note that I don't think this
is an especially big deal. I just thought people would want
to know of the problem ASAP.

Note also that many email servers don't treat local-part as
case-sensitive. But some do. There's no way for a certificate
processing system to know whether steve(_dot_)hanna(_at_)sun(_dot_)com is
actually the same mailbox as Steve(_dot_)Hanna(_at_)sun(_dot_)com(_dot_) So the
certificate processing system must treat them as different.
At least, that's the rationale for this rule.


Steve Hanna
Sun Microsystems, Inc.
Thanks, Steve.

That's pretty interesting....I hope I'm the only one surprised by this requirement. At the end of the same paragraph in RFC 2821 is the "loophole" that I think most people will invoke to get around this new "requirement":

...However, exploiting the case sensitivity of mailbox local-parts impedes 
interoperability and is discouraged.

I anticipate that this means, for all practical matters, that the "MUST" part of case sensitivity will be ignored by enough vendors that we should plan on treating the mail local-part as case insensitive anyhow. Personally, I think it makes sense to treat mailbox strings as case insensitive, but that's just me speaking.


<Prev in Thread] Current Thread [Next in Thread>