Re: [Anima] Russ: Re: rfc822Name use in Autonomic Control Plane document
Toerless Eckert <tte@cs.fau.de> Sun, 28 June 2020 00:07 UTC
Date: Sun, 28 Jun 2020 02:06:54 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: Russ Housley <housley@vigilsec.com>
Cc: Brian Carpenter <brian.e.carpenter@gmail.com>, Michael Richardson <mcr+ietf@sandelman.ca>, Ben Kaduk <kaduk@mit.edu>, anima@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/8OMNMqHWA2YTPPTLditgM71gnSU>
Thanks, Russ, inline

On Sat, Jun 27, 2020 at 05:27:46PM -0400, Russ Housley wrote:
> Brian:
>
> >> I think Brian actually made my point. While the field contains an email address, using it as such would result in a delivery failure. The private key holder cannot be reached by this address.
> >
> > I don't see a requirement in RFC5280 that the email address in an rfc822name must be reachable, or that it must belong to the private key holder.
>
> We seem to be interpreting RFC 5280, Sections 4.1.2.6 and 4.2.16 differently.
>
> 4.1.2.6. Subject
>
> The subject field identifies the entity associated with the public
> key stored in the subject public key field. The subject name MAY be
> carried in the subject field and/or the subjectAltName extension.
> ...

Yep. For the purpose of ACP, we use rfc822Name, but the entity may get other names from the registrar/CA too, such as any pre-existing, however formatted SN.

> 4.2.1.6. Subject Alternative Name
>
> ...
>
> When the subjectAltName extension contains an Internet mail address,
> the address MUST be stored in the rfc822Name.

Yes. ACP does that.

> The format of an
> rfc822Name is a "Mailbox" as defined in Section 4.1.2 of [RFC2821].
> A Mailbox has the form "Local-part@Domain".

Yes. ACP does that.

> Note that a Mailbox has
> no phrase (such as a common name) before it, has no comment (text
> surrounded in parentheses) after it, and is not surrounded by "<" and
> ">". Rules for encoding Internet mail addresses that include
> internationalized domain names are specified in Section 7.5.

Yes, ACP does that.

> Section 4.1.2 of RFC 2821 provides the ABNF for the Mailbox.

Yes, ACP matches that. Actually, when I did the ABNF, I had to go through a couple of RFCs because 2821 was superseded and I think I picked the now normative one as reference, but I have to go back and remember details. No actual change in the syntax AFAIK since rfc2821.

> RFC 2821 says:
>
> As used in this specification, an "address" is a character string
> that identifies a user to whom mail will be sent or a location into
> which mail will be deposited. The term "mailbox" refers to that
> depository. ...
>
> So, the mailbox is the place that email gets sent to.

Do you think that this sentence makes an address of noreply@example.com an invalid email address, given how it does not receive email? And please do not conflate this discussion with the use in certificates; your discussion points about rfc2821 do not consider any certificate work, as rfc5280 does not attempt to redefine anything.

Would you also like to legislate what "user" means? E.g.: would lamps-request@ietf.org be a valid email address in your reading, or does a user have to be a human?

In any case: ACP email addresses can perfectly well have mailboxes. You also did not reply to my examples about other systems where email addresses are primarily used for non-mailbox purposes but still encoded in rfc822Name. I have seen no outlawing of this practice through IETF documents.

Cheers
Toerless

> Russ

--
---
tte@cs.fau.de
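An added example, not the ACP draft's or any participant's code: a syntax-only check of an rfc822Name value against the RFC 2821 "Mailbox" form that the RFC 5280 text quoted above requires, written in Python. It assumes a stdlib-only regex approximation of the ABNF (the address-literal form is kept minimal) and, as the thread argues, it accepts noreply@example.com because RFC 5280 asks for syntax, not deliverability.

```python
from __future__ import annotations
import re

# Added example, not from the ACP draft or the thread: a syntax-only check that
# a SubjectAltName rfc822Name value is a bare RFC 2821 "Mailbox"
# (Local-part@Domain) as RFC 5280 Section 4.2.1.6 requires. Whether the
# address receives mail is deliberately not checked; RFC 5280 asks for syntax.

# atext characters allowed in an Atom of a Dot-string (RFC 2821 Section 4.1.2)
_ATOM = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
_DOT_STRING = rf"{_ATOM}(?:\.{_ATOM})*"
# Quoted-string: qtext or backslash-escaped printable characters in double quotes
_QUOTED_STRING = r'"(?:[^"\\\r\n]|\\[ -~])*"'
_LOCAL_PART = rf"(?:{_DOT_STRING}|{_QUOTED_STRING})"
# sub-domain = Let-dig [Ldh-str]; Domain = sub-domain *("." sub-domain)
_SUB_DOMAIN = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_DOMAIN = rf"{_SUB_DOMAIN}(?:\.{_SUB_DOMAIN})*"
# address-literal, kept minimal here (assumption): [IPv4] or [IPv6:...]
_ADDR_LITERAL = r"\[(?:\d{1,3}(?:\.\d{1,3}){3}|IPv6:[0-9A-Fa-f:.]+)\]"
_MAILBOX = re.compile(rf"{_LOCAL_PART}@(?:{_DOMAIN}|{_ADDR_LITERAL})")


def check_rfc822name(value: str) -> tuple[bool, str]:
    """Return (ok, reason); ok is True only for a bare Mailbox."""
    if not value.isascii():
        # RFC 5280 Section 7.5: internationalized domain names are encoded
        # before they go into the rfc822Name, which itself stays ASCII
        return False, "non-ASCII characters; encode IDNs per RFC 5280 Section 7.5"
    if _MAILBOX.fullmatch(value):
        return True, "bare Mailbox (Local-part@Domain)"
    # Diagnose the shapes RFC 5280 explicitly forbids in an rfc822Name
    if value.lstrip().startswith("<") or value.rstrip().endswith(">"):
        return False, "Mailbox must not be surrounded by '<' and '>'"
    if "(" in value or ")" in value:
        return False, "Mailbox has no comment in parentheses"
    if " " in value:
        return False, "Mailbox has no phrase (e.g. a common name) before it"
    return False, "not Local-part@Domain per RFC 2821 Section 4.1.2"


if __name__ == "__main__":
    # Constructed sample values, including the two addresses named in the thread
    for sample in ("noreply@example.com", "lamps-request@ietf.org",
                   "Russ Housley <housley@vigilsec.com>",
                   "user@example.com (comment)", "user@[192.0.2.1]"):
        print(f"{sample!r}: {check_rfc822name(sample)}")
```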