On Sep 10, 2007, at 11:14 PM, Blake Ramsdell wrote:
On Mon, Sep 10, 2007 at 09:26:36PM -0700, Timothy J. Miller wrote:
2822 says that the domain-part of an address is interpreted as a
domain
name, and the DNS RFCs say domain names are case-insensitive.
But it looks
to me like 2822 is silent on *local-part* case sensitivity.
RFC 2822, section 3.4.1:
"The local-part portion is a domain dependent string."
My interpretation of that is "Don't touch it. At all. It's not yours."
Logic can take us either way; i.e., since RFCs are generally
silent unless
insensitivity is needed, local-part must be sensitive--or,
alternately,
since the RFC is silent in this case it's best to interpret for
maximum
compatibility, so local-part must be insensitive.
And most MTAs and MUAs in my experience treat local-part as case
insensitive.
Probably not a good assumption in general, at least for MTAs:
RFC 2821, section 2.4:
"The local-part of a mailbox MUST BE treated as case sensitive.
Therefore,
SMTP implementations MUST take care to preserve the case of mailbox
local-parts."
Should the local-part of an RFC2822 addr-spec be interpreted as
case-insensitive?
I think "no", based on the citations above. I do empathize with you
about the
particular problem you have. I've seen agents change
Blake(_dot_)Ramsdell(_at_)example(_dot_)com to BLAKE(_dot_)RAMSDELL(_at_)EXAMPLE(_dot_)COM on more
than one
occasion.
I appreciate the reference in 2821; I hadn't thought to look there.
I can agree with MTAs retaining case sensitivity because they need to
deliver to the proper mailbox. However, does the same requirement
make sense for MUAs when *receiving* mail?
There's a real interoperability problem here. It doesn't arise in
most MUAs because the MUAs treat local-part as case insensitive--
insofar as address *matching* is concerned (frex, with an address
book), and this is carried over into S/MIME handing in these
clients. However, these same MUAs are also *case-preserving*, so
they don't interfere with case-sensitive MTA delivery.
So maybe a better question is: Should 3850, in section 3 (para 5)
specify case insensitive local-part matching when assuring that the
From or Sender address matches an address in the certificate?
-- Tim
smime.p7s
Description: S/MIME cryptographic signature