
Re: [ietf-smtp] another attempt to canonicalize local parts

2016-03-09 17:08:40
Do you see any problems with introducing a new PKIX email address type to
support Unicode in email local part for Email-Address-Internationalization?

No new problems, although it makes the variant local part issue even more obvious. I don't claim to be a Unicode expert but it seems clear to me that for the mapping rules to be useful to non-technical users they have to match offline conventions, which means that they depend on the user's language. So for a large system like gmail, there's likely to be dozens of different character mapping rules for different user languages, just as there are dozens of different language options for the gmail web interface.

The alternative is that for each mapping, i.e. email address variant, the sender will need a different set of signing keys and certificates, which they will have to distribute. Because these email address local variations have become so ingrained, adopting PKIX for email address authentication becomes burdensome to the point of killing off its feasibility.

S/MIME has been widely available for close to 20 years, implemented in nearly all desktop MUAs, and the number of people who use it (other than the ones whose employers demand it) still rounds to zero. PGP is no better, despite the wide availability of public PGP key servers. I think the poor match between the addresses in certs and the ones in real mail is one of the reasons.

If you want to move ahead with this, it would be more productive to think harder about how to improve PKIX to match mail practice than try to force a billion mail users into the underdesigned PKIX address model since there are a whole lot more mail users than S/MIME and PKIX certificate users. It's not out of the question that SMTP servers could help, e.g., the oracle to ask if two addresses are the same recipient.

It'd also be a big help to clarify what the problem is to be solved. Is it to assert that mail with the address fred.smith@example.com is from an actual person named Fred Smith, that encrypted mail will only be read by that person, that today's mail with that address is from the same person it was from yesterday, or something else?


ietf-smtp mailing list