
Re: [smime] [ietf-smtp] why you shouldn't even try to canonicalize local parts

2016-03-16 09:45:41
On Tue, Mar 15, 2016 at 4:28 PM, John R Levine <johnl(_at_)taugh(_dot_)com> wrote:

Another idea in the opposite direction:

A local-part fix up might be to use RFC7508 encrypted headers to repair
FROM and SENDER email addresses to their canonical form.

If you mean the canonicalization rules in section 4.3, they're borrowed
from DKIM and only change white space.

Actually I meant using the encrypt and decrypt functionality of RFC7508
4.6.1 and 4.6.2 to replace the FROM and SENDER headers' contents which are
used for transport with the presented values to be verified and presented
to the recipient.  In those sections, the two headers when present are
treated as status modified and replaced with new values.

It also references RFC 5750 which says that

      Receiving agents MUST check that the address in the
   From or Sender header of a mail message matches an Internet mail
   address, if present, in the signer's certificate, if mail addresses
   are present in the certificate.

but it doesn't say what "matches" means.

It probably would be risky for the validator, which often is remote from
the sender's domain and unfamiliar with their SMTP processing policies, to
fix anything up (excepting IDNA) during comparison without some sort of
instruction from the sender.


