Re: [Anima] Russ: Re: rfc822Name use in Autonomic Control Plane document

[Toerless Eckert <tte@cs.fau.de>]

Thanks, Russ, inline

On Sat, Jun 27, 2020 at 05:27:46PM -0400, Russ Housley wrote:
> Brian:
> 
> >> I think Brian actually made my point.  While the filed contains an email address, using it as such would result in a delivery failure.  The private key holder cannot be reached by this address.
> > 
> > I don't see a requirement in RFC5280 that the email address in an rfc822name must be reachable, or that it must belong to the private key holder.
> 
> We seem to be interpreting RFC 5280, Sections 4.1.2.6 and 4.2.16 differently.
> 
> 4.1.2.6.  Subject
> 
>    The subject field identifies the entity associated with the public
>    key stored in the subject public key field.  The subject name MAY be
>    carried in the subject field and/or the subjectAltName extension.  ...

Yep. For purpose of ACP, we use rfc822Name, but the entity may get
from registrar/CA other names too, such as any pre-existing, however
formatted SN.

> 4.2.1.6.  Subject Alternative Name
> 
>    ...
> 
>    When the subjectAltName extension contains an Internet mail address,
>    the address MUST be stored in the rfc822Name.

Yes. ACP does that.

>    The format of an
>    rfc822Name is a "Mailbox" as defined in Section 4.1.2 of [RFC2821].
>    A Mailbox has the form "Local-part@Domain".

Yes. ACP does that.

>    Note that a Mailbox has
>    no phrase (such as a common name) before it, has no comment (text
>    surrounded in parentheses) after it, and is not surrounded by "<" and
>    ">".  Rules for encoding Internet mail addresses that include
>    internationalized domain names are specified in Section 7.5.

Yes, ACP does that.

> Section 4.1.2 of RFC 2821 provides the ABNF for the Mailbox.

Yes, ACP matches that. Actually, when i did the ABNF, i had to go
through a couple of RFC becaue 2821 was superceeded and i think i picked
as references the now normative one, but have to go back and remember details.
No actual change in the syntax AFAIK since rfc2821.

> RFC 2821 says:
> 
>    As used in this specification, an "address" is a character string
>    that identifies a user to whom mail will be sent or a location into
>    which mail will be deposited.  The term "mailbox" refers to that
>    depository. ...
> 
> So, the mailbox is the place that email gets sent to.

Do you think that this sentence makes an address of noreply@example.com
an invalid email address given how it does not receive email ?

And please do not conflate this discussion with the use in certificates,
your discussion points about rfc2821 are non-considering any
certificate work, as rfc5280 does not attempt to redecine anything.

Would you also like to legislate what "user" means ? E.g.: would
lamps-request@ietf.org, valid email address in your reading or does
a user have to be a human ?

In any case: ACP email address can perfectly well have mailboxes,

You also did not repy to my expamples about other systems where
email addresses are primarily used for non-mailbox purposes
but still encoded in rfc822Name. I have seen no outlawing of
this practice through IETF documents.

Cheers
    Toerless

> Russ

-- 
---
tte@cs.fau.de