[dane] proposed text for openpgpkey email translation rules
Paul Wouters <paul@nohats.ca> Thu, 26 February 2015 14:33 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A8111A0155 for <dane@ietfa.amsl.com>; Thu, 26 Feb 2015 06:33:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level:
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EtzlpzO1tUzJ for <dane@ietfa.amsl.com>; Thu, 26 Feb 2015 06:33:24 -0800 (PST)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6BCEE1A0149 for <dane@ietf.org>; Thu, 26 Feb 2015 06:33:24 -0800 (PST)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3ktGgz70Lpz6G; Thu, 26 Feb 2015 15:33:19 +0100 (CET)
Authentication-Results: mx.nohats.ca; dkim=pass reason="1024-bit key; unprotected key" header.d=nohats.ca header.i=@nohats.ca header.b=k0D8NQAI; dkim-adsp=pass
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id 1vCxaSLrA3Eq; Thu, 26 Feb 2015 15:33:18 +0100 (CET)
Received: from bofh.nohats.ca (206-248-139-105.dsl.teksavvy.com [206.248.139.105]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Thu, 26 Feb 2015 15:33:18 +0100 (CET)
Received: from bofh.nohats.ca (bofh.nohats.ca [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 11671813B1; Thu, 26 Feb 2015 09:33:18 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1424961198; bh=jtAgkROT8eapSBqwhGLwv97Jt7qhEGmzOkeE4GMoyPQ=; h=Date:From:To:cc:Subject; b=k0D8NQAIwJdxXyRLsMeTjFFC/mm4LwSP7gTeu4I/usaeWFpj3HjO7392KgkwRMXM0 u2Cc3bDg4s7Kr0vkPj7Ez/7GJd6Dy8gJvXGCCuq4pokpyg6T/OXnFoeP9x5BxM6nZF w8rXpl81nk1KEcgFE0Dk8jdY+Tv6TBT8SmJk3n+M=
Received: from localhost (paul@localhost) by bofh.nohats.ca (8.14.7/8.14.7/Submit) with ESMTP id t1QEXHNH029198; Thu, 26 Feb 2015 09:33:17 -0500
X-Authentication-Warning: bofh.nohats.ca: paul owned process doing -bs
Date: Thu, 26 Feb 2015 09:33:17 -0500
From: Paul Wouters <paul@nohats.ca>
To: Brian Dickson <brian.peter.dickson@gmail.com>, Viktor Dukhovni <ietf-dane@dukhovni.org>
Message-ID: <alpine.LFD.2.10.1502260917350.28451@bofh.nohats.ca>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format="flowed"; charset="ISO-8859-15"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/95pccNGkLdsjAWEorQwDGaceEz8>
Cc: "dane@ietf.org" <dane@ietf.org>
Subject: [dane] proposed text for openpgpkey email translation rules
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Feb 2015 14:33:31 -0000
On Wed, 25 Feb 2015, Brian Dickson wrote: > To use the gmail example, I just did a test. > > I was previously unaware of the "s/\.//g" behavior. But, it is real. > > So, I sent mail to a never-before-used variant of my name, "br.i.an" instead of "brian". > Lo and behold, it was delivered to my mailbox. > > If the goal was to preserve this behavior, while having MUAs look up keys, without a policy mechanism, it would be necessary to publish > 2^(N-1) records for every name of length N. > > If the average length of a name were 11 characters, then 2^10 = 1024 records would be needed per user. > This takes O(10e9) and turns it into O(10e12), of thing which have to be hashed, signed, and then NSEC/NSEC3-ified. > > So, the publishing side takes a disproportionate hit. > > Have the client understand a very limited set of case-folding rules, which could be used universally, is clearly preferable, even to the > client, IMHO. Agreed. I think the document(s) should stay away from interpreting the LHS. But it would be worth adding a subsection into the Location section. How about: 3.1 Email address variants Most SMTP servers treat the user part of the email address as case insensitive. This means that "Hugh@example.com" could be different email address from "hugh@example.com" but both email addresses would end up at the same enduser. The OPENPGPKEY lookup for both addresses would result in a different SHA-224 value. As some input methods to email clients auto-correct to using an uppercase for a first name, an email client supporting this document might want to interact with the user and try a lower-cased username for an OPENPGPKEY lookup. Other mail servers allow other kind of email translation rules, such as automatically matching "username+anystring@example.com" to "username@example.com", or allowing "." characters to be placed anywhere in the address so "first.last@example.com" matches "firstlast@example.com". While publishers can add duplicate or CNAME entries for the OPENPGPKEY records to match these variants, email clients might want to try some (obvious) variations. I think this would also apply to the SMIMEA document. Paul
- [dane] proposed text for openpgpkey email transla… Paul Wouters