2016-03-14 15:00:20
TOFU certainly seems to work in practice.  But this doesn't address the
question that started this discussion, looking for a new correspondent's
certificate in a key store.  If I look for bobsmith@example and it has a cert
BobSmith@example, it's clearly the same person.  But if it finds
Bob.Smith@example or Robert.Smith@example or R.W.Smith@example,
who knows?

The question that started the discussion is the inconsistency of MUAs in matching
the local-part of a From: address to the local-part of an rfc822Address SAN or
email RDN component.

However, an *a priori* search of a key store is a niche case.

First, outside an enterprise there is no global directory, so there's no place 
to search anyway. You're much more likely to exchange unsigned emails first.

Second, inside an enterprise context where there *is* a directory, the address 
format is often fixed and known and the directory provides additional context 
(e.g., department, phone number, etc.) to disambiguate results, so strict 
matching standards aren't needed.

-- T
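The matching problem the thread describes, as an added example that is not part of the original message: a small Python matcher that compares a From: address against the e-mail identities found in a certificate, treating the domain case-insensitively and the local-part either strictly (the RFC 5321 reading) or leniently (what many MUAs do). The certificate identities are a constructed list; the function and parameter names are this example's own.

```python
"""Match a From: address against the e-mail identities in a certificate."""
from email.utils import parseaddr

# Constructed sample: identities as they might appear in a certificate's
# rfc822Name SANs or emailAddress RDN (not taken from any real certificate).
CERT_EMAILS = ["BobSmith@example", "Bob.Smith@example", "R.W.Smith@example"]


def split_address(addr):
    """Split an address into (local-part, domain) with the domain lowercased.

    RFC 5321 makes the domain case-insensitive and the local-part sensitive
    in principle; splitting at the last '@' keeps a quoted local-part that
    itself contains '@' intact.
    """
    _, bare = parseaddr(addr)  # tolerate 'Bob Smith <bob@example>' forms
    if "@" not in bare:
        raise ValueError(f"not an e-mail address: {addr!r}")
    local, _, domain = bare.rpartition("@")
    return local, domain.lower()


def matches(from_addr, cert_email, local_case_sensitive=True):
    """True if cert_email names the same mailbox as from_addr.

    local_case_sensitive=True is the strict RFC 5321 reading; False is the
    lenient behaviour many MUAs apply.  Dots or any other difference in the
    local-part are never ignored, so Bob.Smith never matches bobsmith.
    """
    l1, d1 = split_address(from_addr)
    l2, d2 = split_address(cert_email)
    if d1 != d2:
        return False
    if not local_case_sensitive:
        l1, l2 = l1.lower(), l2.lower()
    return l1 == l2


def find_matches(from_addr, cert_emails, local_case_sensitive=True):
    """Return the certificate identities that match from_addr."""
    return [e for e in cert_emails
            if matches(from_addr, e, local_case_sensitive)]


if __name__ == "__main__":
    print(find_matches("bobsmith@example", CERT_EMAILS))         # strict: []
    print(find_matches("bobsmith@example", CERT_EMAILS, False))  # lenient: ['BobSmith@example']
```

Running it shows why the two MUA behaviours disagree: the strict policy finds nothing for bobsmith@example, the lenient one finds BobSmith@example, and neither policy ever accepts Bob.Smith@example or R.W.Smith@example.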

