
Re: RFC 3280 error WRT rfc822Name

2002-09-18 11:14:48

May also be an issue for those who depend on the LDAP 'mail' attribute, and by
protocol LDAP's data is case insensitive.

Himanshu

Marc Jadoul wrote:

Seems a BIG problem to me!

Maybe RFC 3280 is wrong in its understanding of RFC 822.
But RFC 822 (or ...) is probably wrong in doing things so complex for End
And I do not see how it can be fixed except fixing RFC 2822 and RFC 2821.

Why is it like this in RFC 822 and successor?

Marc Jadoul

----- Original Message -----
From: "Steve Hanna" <steve(_dot_)hanna(_at_)sun(_dot_)com>
To: <ietf-pkix(_at_)imc(_dot_)org>; <ietf-smime(_at_)imc(_dot_)org>
Sent: Tuesday, September 17, 2002 11:23 PM
Subject: RFC 3280 error WRT rfc822Name

In section, RFC 3280 (and RFC 2459) says:

   Note that while upper and lower case letters are allowed in an
   RFC 822 addr-spec, no significance is attached to the case.

But RFC 822 says:

        The only syntactic units which requires preservation of
        case information are:

                    -  text
                    -  qtext
                    -  dtext
                    -  ctext
                    -  quoted-pair
                    -  local-part, except "Postmaster"

        When matching any other syntactic unit, case is to be ignored.

And RFC 2821 (the successor to RFC 821 and the companion
to RFC 2822, which obsoletes RFC 822) is more explicit:

   The local-part of a mailbox MUST BE treated as case sensitive.

I have spoken to a few people about this and the consensus
seems to be that RFC 3280 is wrong. When matching email
addresses (such as when processing name constraints during
certificate path validation), the local-part component of
an email address must be treated as case-sensitive.

If the members of these lists don't agree with this analysis,
please speak up. Otherwise, I expect that this will be fixed
in the successor to RFC 3280. Note that I don't think this
is an especially big deal. I just thought people would want
to know of the problem ASAP.

Note also that many email servers don't treat local-part as
case-sensitive. But some do. There's no way for a certificate
processing system to know whether steve(_dot_)hanna(_at_)sun(_dot_)com is
actually the same mailbox as Steve(_dot_)Hanna(_at_)sun(_dot_)com. So a
certificate processing system must treat them as different.
At least, that's the rationale for this rule.


Steve Hanna
Sun Microsystems, Inc.
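
Added example, not part of the original messages and not code from any PKIX implementation: a Python sketch of the comparison rule described above, with an exact local-part match and a case-insensitive domain match. It goes beyond the thread by also applying the rule to the three rfc822Name name-constraint forms in RFC 3280 (full mailbox, host name, leading-period domain). The function names and the example.com addresses are constructed for illustration.

```python
def split_addr(addr):
    """Split an addr-spec at the last '@' into (local_part, domain)."""
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an addr-spec: {addr!r}")
    # Only the domain is case-folded; the local-part is kept byte for byte.
    return local, domain.lower()


def same_mailbox(a, b):
    """True if two rfc822Name values name the same mailbox under this rule."""
    return split_addr(a) == split_addr(b)


def within_constraint(addr, constraint):
    """Check addr against one rfc822Name name constraint."""
    local, domain = split_addr(addr)
    if "@" in constraint:
        # Constraint names a particular mailbox: the local-part must match exactly.
        return (local, domain) == split_addr(constraint)
    c = constraint.lower()
    if c.startswith("."):
        # Leading period: any mailbox in the domain, but not at the bare host.
        return domain.endswith(c)
    # Plain host name: all addresses at exactly that host.
    return domain == c


if __name__ == "__main__":
    # Constructed sample addresses.
    print(same_mailbox("alice@Example.COM", "alice@example.com"))   # domain case ignored
    print(same_mailbox("Alice@example.com", "alice@example.com"))   # local-part case kept
    print(within_constraint("alice@mail.example.com", ".example.com"))
```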
