[Top] [All Lists]

Re: Vagueness re: case sensitivity of local-part in RFC2822.

2007-09-11 11:14:26
On Sep 10, 2007, at 11:14 PM, Blake Ramsdell wrote:

On Mon, Sep 10, 2007 at 09:26:36PM -0700, Timothy J. Miller wrote:
2822 says that the domain-part of an address is interpreted as a domain name, and the DNS RFCs say domain names are case-insensitive. But it looks
 to me like 2822 is silent on *local-part* case sensitivity.

RFC 2822, section 3.4.1:

"The local-part portion is a domain dependent string."

My interpretation of that is "Don't touch it. At all. It's not yours."

Logic can take us either way; i.e., since RFCs are generally silent unless insensitivity is needed, local-part must be sensitive--or, alternately, since the RFC is silent in this case it's best to interpret for maximum
 compatibility, so local-part must be insensitive.

 And most MTAs and MUAs in my experience treat local-part as case

Probably not a good assumption in general, at least for MTAs:

RFC 2821, section 2.4:

"The local-part of a mailbox MUST BE treated as case sensitive. Therefore,
SMTP implementations MUST take care to preserve the case of mailbox

 Should the local-part of an RFC2822 addr-spec be interpreted as

I think "no", based on the citations above. I do empathize with you about the
particular problem you have. I've seen agents change
Blake(_dot_)Ramsdell(_at_)example(_dot_)com to BLAKE(_dot_)RAMSDELL(_at_)EXAMPLE(_dot_)COM on more than one

I appreciate the reference in 2821; I hadn't thought to look there. I can agree with MTAs retaining case sensitivity because they need to deliver to the proper mailbox. However, does the same requirement make sense for MUAs when *receiving* mail?

There's a real interoperability problem here. It doesn't arise in most MUAs because the MUAs treat local-part as case insensitive-- insofar as address *matching* is concerned (frex, with an address book), and this is carried over into S/MIME handing in these clients. However, these same MUAs are also *case-preserving*, so they don't interfere with case-sensitive MTA delivery.

So maybe a better question is: Should 3850, in section 3 (para 5) specify case insensitive local-part matching when assuring that the From or Sender address matches an address in the certificate?

-- Tim

Attachment: smime.p7s
Description: S/MIME cryptographic signature

<Prev in Thread] Current Thread [Next in Thread>