Re: [dane] case sensitivity and draft-ietf-dane-smime / draft-wouters-dane-openpgp

Paul Wouters <paul@cypherpunks.ca> Tue, 10 September 2013 20:09 UTC

Date: Tue, 10 Sep 2013 16:09:06 -0400
From: Paul Wouters <paul@cypherpunks.ca>
To: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <8A7BC0FC-62F8-4883-8FDD-948AAF9DAB78@vpnc.org>
Message-ID: <alpine.LFD.2.10.1309101607020.4683@bofh.nohats.ca>
References: <alpine.LFD.2.10.1309091040120.14065@bofh.nohats.ca> <8A7BC0FC-62F8-4883-8FDD-948AAF9DAB78@vpnc.org>
Cc: dane WG list <dane@ietf.org>
Subject: Re: [dane] case sensitivity and draft-ietf-dane-smime / draft-wouters-dane-openpgp

On Tue, 10 Sep 2013, Paul Hoffman wrote:

> On Sep 9, 2013, at 10:52 AM, Paul Wouters <paul@cypherpunks.ca> wrote:
>
>> It was brought to my attention by Matthias Wimmer that we overlooked
>> an important issue with respect to the base32 generation of the base32
>> encoded left hand side of the email address.
>
> "We" did not overlook that: as author, I made that decision completely purposefully.

Perhaps documentation of that decision belonged in the Security Section
of that document? :)

>> Mail servers and mail clients do not treat email addresses as
>> case-insensitive.
>
> That is a sometimes-true statement.
>
>> When encoding an LHS with base32, the case matters.
>
> Yes, exactly. And so does internationalization.
>
>> Using the wrong case will cause you to not find the SMIMEA / OPENPGPKEY
>> record.
>
> Yep. And will cause you to sometimes send mail to the wrong recipient.

I'm really not okay with a protocol where I encrypt to the wrong key
based on the case of the email address.

>> We should probably add a section explaining this, and perhaps suggest to
>> lowercase before base32'ing the LHS for the lookup.
>
> Yes; no.
     [citation needed]

Paul
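
The lookup behaviour debated in this thread, as an added example that is not part of the original message or of either draft. The owner-name layout (`<base32(LHS)>._smimecert.<domain>`), the stripped padding, and the zone contents are assumptions made for illustration.

```python
import base64

# Assumption: owner name is <base32(LHS)>._smimecert.<domain>; the thread
# itself does not spell out the label layout.
SERVICE_LABEL = "_smimecert"


def owner_name(address, lowercase_lhs=False):
    """Build the DNS owner name for an address from its base32-encoded LHS."""
    lhs, _, domain = address.rpartition("@")
    if lowercase_lhs:
        lhs = lhs.lower()
    # Padding is stripped here (assumption) because "=" is awkward in a label.
    label = base64.b32encode(lhs.encode("utf-8")).decode("ascii").rstrip("=")
    # DNS compares names case-insensitively, so the case of the finished
    # name is irrelevant; the case of the LHS *before* encoding is not.
    return f"{label}.{SERVICE_LABEL}.{domain}".lower()


def lookup(zone, address, lowercase_lhs=False):
    """Return the record published for the address, or None on a miss."""
    return zone.get(owner_name(address, lowercase_lhs))


# Constructed zone: a mail server that treats "paul" and "Paul" as two
# different mailboxes and publishes one record under each exact-case LHS.
ZONE = {
    owner_name("paul@example.org"): "cert-for-paul",
    owner_name("Paul@example.org"): "cert-for-Paul",
}

if __name__ == "__main__":
    for addr in ("paul@example.org", "Paul@example.org", "PAUL@example.org"):
        exact = lookup(ZONE, addr)
        folded = lookup(ZONE, addr, lowercase_lhs=True)
        print(f"{addr:20} exact={exact!s:15} lowercased={folded}")
```

With exact-case encoding, `PAUL@example.org` finds no record at all; with lowercasing before encoding, `Paul@example.org` resolves to the record published for `paul`, which on a case-sensitive mail server is a different mailbox.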