ietf-smtp

Re: [ietf-smtp] another attempt to canonicalize local parts

2016-03-10 13:00:46
On Thu, Mar 10, 2016 at 2:28 AM, John R Levine <johnl(_at_)taugh(_dot_)com> wrote:

Agree that the SMTP servers could be a reasonable approach.  Others might
be to declare some sort of canonicalization rule or matching regex in the
cert.


Enumerating canonicalizations is hopeless for reasons already discussed,
but Regex is an interesting idea, although it quickly takes you back to the
question of what assertion the certificate is making.  At this point, the
places signing S/MIME certs just check that the applicant reads mail at the
address in the cert by sending it a link.


It's certainly true that the issuer of a cert using such a regex-represented
name matters greatly now.  (I wondered about the same issue in another
thread.)  A third-party CA is going to have a much harder time understanding
the local practices, and that represents a spoofing risk, though I suspect
it might be possible to communicate local practices to prevent that.  A
workable scenario is that the certificate issuer is the email domain owner,
who understands intimately the email local practices.

-Wei

But what does that mean with a regex?  How do you check that the addresses
it matches all map to the same mailbox?  Sometimes you can enumerate the
addresses a regex matches (these are all me):

(hostmaster|johnl?)@(iecc|taugh)\.com

sometimes you can in principle but not in practice:

[Jj]\.?[Oo]\.?[Hh]\.?[Nn]\.?[Ll]\.[Ee]\.?[Vv]\.?[Ii]\.?[Nn]\.?[Ee]\.?@gmail\.com

sometimes you can't even try although you could use heuristics

(johnl?-[^@]+@iecc|[^@]+@johnlevine)\.com

but how do you allow those but not this one?

(hostmaster|johnl?)@(iecc|taugh|paypal)\.com

R's,
John
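As an added example (not from John's message or any IETF document), here is the check a relying party could run on a regex-named cert to answer exactly the question above: enumerate the addresses when the regex is finite, refuse it when it is unbounded or too large to enumerate, and reject it when any matched domain lies outside the set the issuer actually validated. The names `enumerate_regex` and `check_address_regex`, the supported regex subset, and the enumeration cap are assumptions of this example.

```python
MAX_ENUM = 10_000  # above this, "enumerable in principle but not in practice"
class Unbounded(Exception): pass   # regex matches infinitely many strings
class TooMany(Exception): pass     # finite, but more than `cap` strings

def enumerate_regex(pattern, cap=MAX_ENUM):
    """Every string a finite regex (literals, escapes, (a|b), [ab], ?) matches."""
    pos = 0
    def alt():                       # a | b | c
        nonlocal pos
        out = concat()
        while pos < len(pattern) and pattern[pos] == "|":
            pos += 1; out |= concat()
        return out
    def concat():                    # abc, each atom optionally followed by ?
        nonlocal pos
        out = {""}
        while pos < len(pattern) and pattern[pos] not in "|)":
            piece = atom()
            if pos < len(pattern) and pattern[pos] in "*+{": raise Unbounded(pattern[pos])
            if pos < len(pattern) and pattern[pos] == "?": pos += 1; piece = piece | {""}
            out = {a + b for a in out for b in piece}   # cross product of prefixes and atom
            if len(out) > cap: raise TooMany(len(out))
        return out
    def atom():
        nonlocal pos
        c = pattern[pos]
        if c == "(":
            pos += 1; inner = alt()
            if pos == len(pattern) or pattern[pos] != ")": raise ValueError("unbalanced (")
            pos += 1; return inner
        if c == "[":                 # literal class members only; ranges not handled here
            end = pattern.index("]", pos); body = pattern[pos + 1:end]; pos = end + 1
            if body.startswith("^"): raise Unbounded("negated class")
            return set(body)
        if c == "\\": pos += 2; return {pattern[pos - 1]}   # \. is a literal dot
        if c == ".": raise Unbounded(".")                   # bare . matches anything
        pos += 1; return {c}
    out = alt()
    if pos != len(pattern): raise ValueError("unbalanced )")
    return out

def check_address_regex(pattern, validated_domains, cap=MAX_ENUM):
    """Verdict for a cert-asserted address regex vs. the domains the issuer validated."""
    try:
        addresses = enumerate_regex(pattern, cap)
    except Unbounded:
        return "unbounded", None     # cannot be checked at all
    except TooMany:
        return "too-many", None      # the gmail case above
    if any(a.count("@") != 1 for a in addresses): return "malformed", None
    foreign = {a.rsplit("@", 1)[1].lower() for a in addresses} - set(validated_domains)
    return ("foreign-domain", foreign) if foreign else ("ok", addresses)
```

Run against the four regexes above with `{"iecc.com", "taugh.com"}` as the validated set, the first is accepted with its six addresses listed, the gmail one is refused as too large, the heuristics one as unbounded, and the paypal one is rejected for reaching a domain the issuer never validated.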


These are
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp