Re: [ietf-smtp] [pkix] why you shouldn't even try to canonicalize local parts

2016-03-14 11:35:14
TOFU certainly seems to work in practice. But this doesn't address the question that started this discussion, looking for a new correspondent's certificate in a key store. If I look for bobsmith@example and it has a cert for BobSmith@example, it's clearly the same person. But if it finds Bob.Smith@example or Robert.Smith@example or R.W.Smith@example, who knows? That's why you need help from the mail system that knows where the addresses go.

I propose rewriting 5750 Sec 3 and deprecate the use of email
addresses in S/MIME certificates *entirely*.  We'd add to Sec 3
instructions for MUAs to:

- Treat an email signature as a valid signature if the MUA has
associated that signature's public key [1] with the From: or Sender:
address.  Call this the "valid if expected" rule.

- Require the MUA to associate a public key with an email address
the first time it receives a signed email, ideally with an explicit
user acknowledgement.  The "record on first use" rule.

- Require MUAs to notify users of a security problem when an email
from any address arrives with a signature by any other public key than
the one expected.  The "notify on broken expectations" rule.

John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.
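The three MUA rules proposed above, as an added example that is not part of this thread or of any RFC text. The `TofuKeyStore` class and its `check` method are hypothetical; it keys the store on the From:/Sender: address exactly as received and makes no attempt to canonicalize local parts, so deciding whether two differently written addresses are the same mailbox is left to the mail system, as the reply argues.

```python
from dataclasses import dataclass, field
from typing import Dict

# Verdicts a MUA would act on, named after the three rules in the proposal.
VALID = "valid if expected"                  # key matches the one recorded for this address
FIRST_USE = "record on first use"            # nothing recorded yet: remember this key
MISMATCH = "notify on broken expectations"   # a different key signed mail from this address


@dataclass
class TofuKeyStore:
    """Hypothetical per-MUA store: sender address -> public-key fingerprint."""

    # Constructed sample state; a real MUA would persist this.
    keys: Dict[str, str] = field(default_factory=dict)

    def check(self, sender: str, key_fp: str, user_ack: bool = True) -> str:
        """Apply the three rules to a signed message from `sender`.

        `sender` is the From:/Sender: address verbatim; no case folding or
        dot/initial normalization of the local part is done, because the
        store cannot know where the mail system delivers those variants.
        """
        expected = self.keys.get(sender)
        if expected is None:
            # Record on first use, ideally only after the user acknowledges it.
            if user_ack:
                self.keys[sender] = key_fp
            return FIRST_USE
        if expected == key_fp:
            return VALID
        # Never silently replace the expected key; the user must be told.
        return MISMATCH


if __name__ == "__main__":
    store = TofuKeyStore()
    print(store.check("bobsmith@example", "fp-A"))   # record on first use
    print(store.check("bobsmith@example", "fp-A"))   # valid if expected
    print(store.check("bobsmith@example", "fp-B"))   # notify on broken expectations
    print(store.check("Bob.Smith@example", "fp-A"))  # treated as a new address
```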

ietf-smtp mailing list