Re: [dane] email canonicalization for SMIMEA owner names

Christian Rößner <> Thu, 11 December 2014 22:35 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 3D6D81A8AA9 for <>; Thu, 11 Dec 2014 14:35:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.351
X-Spam-Status: No, score=-3.351 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, GB_I_LETTER=-2, HELO_EQ_DE=0.35, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id uSnR_HyDTQhw for <>; Thu, 11 Dec 2014 14:35:30 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2C93E1A8A9D for <>; Thu, 11 Dec 2014 14:35:30 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "", Issuer "Thawte DV SSL CA" (verified OK)) by (Postfix) with ESMTPS id 3jz91r2z51zGp6N; Thu, 11 Dec 2014 23:35:28 +0100 (CET)
Received: from [] ( []) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "Christian Roessner", Issuer "RootCA (c) 2014" (verified OK)) (Authenticated sender: by (Postfix) with ESMTPSA id 3jz91q6JDPzMlPk; Thu, 11 Dec 2014 23:35:27 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=swioBi3opho; t=1418337328;; bh=b0t7FOAkq19vvK7nIJZo7C528/H7Nv9kDLNBFzynOv8=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=l+8UzbwCYC14rhmMedT+UOwqCTKDOakrMQreeb3GCfAwPknspcuYmpsTXonZeZuch Ooulw5QqwLY+OiAzDoynqtwYYevBO5PzRkCbArg803INKj62dcMnCFupgfxhVgodX4 gAEUflOmjkVTkGLoVUEgJxfrjPYQWTrIZz0YyNW0t0jeJkjJWpaFNSUYel45mIRyNB OVm1cEPy4+h976kIR78rrzFuO+JWaNS0tGiRzlq6AR1QXmT0PvHA7Al74MqFW1675F VZ5fZpWKNfYVyC+EO3dZADcWOSqbn37DA+2A6tIT4N9FJQZd6Yzm4i7jKgr4ERefY5 nIUq4tvcBG1ow==
Content-Type: multipart/signed; boundary="Apple-Mail=_C1A51581-AAE5-4B4F-9CE6-A440A679007E"; protocol="application/pkcs7-signature"; micalg="sha1"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2063\))
From: Christian Rößner <>
In-Reply-To: <>
Date: Thu, 11 Dec 2014 23:35:24 +0100
Message-Id: <>
References: <>
To: "Rose, Scott W." <>
X-Mailer: Apple Mail (2.2063)
X-Outgoing: 0.2.0_alpha1
Cc: dane WG list <>
Subject: Re: [dane] email canonicalization for SMIMEA owner names
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 11 Dec 2014 22:35:33 -0000


> Am 11.12.2014 um 20:51 schrieb Rose, Scott W. <>:
> Realized the other action item I was assigned to from the interim meeting was email canonicalization for SMIMEA.  I believe it stems from Viktor Dukhovni's email to the endymail list:
> I was wondering if we can borrow a page from RFC 4034 Section 6.2 and include text in the draft Section 3, item 1 in the numbered list:
>     1.   The user name (the "left-hand side" of the email address, called
>       the "local-part" in the mail message format definition [RFC2822]
>       and the "local part" in the specification for internationalized
>       email [RFC6530]), is hashed using the SHA2-224 [RFC5754]
>       algorithm (with the hash being represented in its hexadecimal
>       representation, to become the left-most label in the prepared
>       domain name.  This does not include the "@" character that
>       separates the left and right sides of the email address.  The
>       string that is used for the local part is a Unicode string
>       encoded in UTF-8 **with all upper case letters converted to their
>       corresponding lower case letters where appropriate.**
> The text between the '**' is new.  The goal is to prevent a situation when the email address is "" and the SMIMEA is created using "jrandom" as the user name.   Would this be enough, or are there scripts where this would result in different or potentially conflicting owner names?  

sorry, if my answer might be a little bit off-topic. When the draft for SMIMEA was posted the first time, I wrote to someone here on the list off-list. I asked, why to use SHA2-224 for the local part of an email address. I thought about useability for many of records in DNS for a large company. That seeing only hashes and nothing readable would make it nearly impossible to find a record again manually without technical help.

So I thought about punycode RFC3492. I know the RFC might only be for domains, but I asked myself, why this would not be applied to a local part as well.

Many countries would benefit from such a representation, because the have parts of the latin alphabet and therefor just a hand full of characters would need conversion.

I am a layperson, so these are just my ideas and there might exists good reasons, why this is not applicable. But at least I did not want to miss the chance to bring up this discussion.

And sorry, if this is not 100% answer to this thread. At least it focuses on parts of the SHA2-224 and I wanted to give an optional view.

Kind regards

Bachelor of Science Informatik
Erlenwiese 14, 36304 Alsfeld
T: +49 6631 78823400, F: +49 6631 78823409, M: +49 171 9905345
USt-IdNr.: DE225643613,