Re: [Anima] rfc822Name use in Autonomic Control Plane document

Benjamin Kaduk <> Sun, 21 June 2020 17:17 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8CF4F3A0769 for <>; Sun, 21 Jun 2020 10:17:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id AJfR1QHKlt2T for <>; Sun, 21 Jun 2020 10:17:03 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4B1D73A0764 for <>; Sun, 21 Jun 2020 10:17:02 -0700 (PDT)
Received: from ([]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by (8.14.7/8.12.4) with ESMTP id 05LHGvoF024369 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 21 Jun 2020 13:16:59 -0400
Date: Sun, 21 Jun 2020 10:16:56 -0700
From: Benjamin Kaduk <>
To: Michael Richardson <>
Cc: Russ Housley <>, Brian Carpenter <>,
Message-ID: <>
References: <11428.1592266833@localhost> <> <> <> <> <9406.1592756905@localhost>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <9406.1592756905@localhost>
User-Agent: Mutt/1.12.1 (2019-06-15)
Archived-At: <>
Subject: Re: [Anima] rfc822Name use in Autonomic Control Plane document
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 21 Jun 2020 17:17:05 -0000

On Sun, Jun 21, 2020 at 12:28:25PM -0400, Michael Richardson wrote:
> Russ Housley <> wrote:
>     > One cannot send email to the character string in this specification, so
>     > it should not be carried in the rfc822name.
> You can send email to that character string if you configure the MX.
> It was designed specifically to accomodate that.
> I objected at the time: I thought it was a stupid feature, that no sensible IKEv2 daemon
> was going to have to send/receive email.
> But, Toerless was paranoid that if we did anything at all out of the
> ordinary, that the corporate CA people, in order to protect their fiefdom,
> would freak out and throw some huge roadblock in the way of deploying the ACP.

I note that the -24 discusses creating a single mailbox rfcSELF@<domain>,
which receives mail for *all* ACP identities in the domain, yet we are
in other parts of the document claiming that these identities are distinct
and in many cases will be granted different authorizations.  If these
identities are supposed to be equivalent in the "RFC 822" sense, then it
seems inconsistent to use the rfc822Name field (which sees them as
equivalent) yet treat them as distinct entitites.