[Top] [All Lists]

Re: [ietf-smtp] [pkix] another attempt to canonicalize local parts

2016-03-11 18:57:11

--On Friday, March 11, 2016 21:37 +0000 Arnt Gulbrandsen
<arnt(_at_)gulbrandsen(_dot_)priv(_dot_)no> wrote:

I agree in general, but there's one point...

John C Klensin writes:
(1) Is it reasonable to try to "canonicalize" email addresses
to make them more usable for purposes other than routing and
delivering email?  RFC 5321 and associated and predecessor
documents are fairly clear on the answer to that question:
that answer is "don't even consider it".

I've done that and I'll do it again, and I believe that it is
safe and even desirable on one condition: That mistakes are
harmless and cheap. For instance, if I want to send mail on my
phone and start typing a name, the phone will show 3-4
suggestions. If its canonicalisation didn't do the right
thing, some of those suggestions will be poor. *Yawn*

As long as you are attentive enough to notice that, e.g., when
you intend a message for me and start by typing "john" that you
get me rather than John Levine or the Ivan the Great Memorial
Museum and Intelligence Service (I'll leave how the latter might
happen in a world of i18n addresses as an exercise).  If you are
not that attentive, whether the misdirect is harmless or not
becomes, at best, a matter of luck.

If you do consider being that attentive the price of guessing
and pay attention then I definitely agree.
I believe that if one wants to canonicalise email addresses
usefully, then it is necessary to design the surrounding
system such that mistakes are harmless. That's not too
difficult for address book software, but doing it for for
anything PKIX-like sounds daunting. Impossible? Perhaps,
perhaps not.

See above for address book software.  For PKIX-like things, the
stakes typically go up for the reasons John Levine suggested --
having a message whose content you had reason to want to protect
to access by a narrowly restricted audience go to the wrong
person with strong encryption using the key of that wrong person
is unlikely to be harmless.


ietf-smtp mailing list

<Prev in Thread] Current Thread [Next in Thread>