IETF Logo Mail Archive

Re: [Emailcore] A/S outstanding issue #51 (email addresses in HTML forms)

Barry Leiba <barryleiba@computer.org> Thu, 20 October 2022 18:47 UTC

Return-Path: <barryleiba@gmail.com>
X-Original-To: emailcore@ietfa.amsl.com
Delivered-To: emailcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94676C14F745 for <emailcore@ietfa.amsl.com>; Thu, 20 Oct 2022 11:47:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.409
X-Spam-Level:
X-Spam-Status: No, score=-6.409 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2l-kJaGxjuMZ for <emailcore@ietfa.amsl.com>; Thu, 20 Oct 2022 11:47:02 -0700 (PDT)
Received: from mail-ed1-f48.google.com (mail-ed1-f48.google.com [209.85.208.48]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 20EE4C14F725 for <emailcore@ietf.org>; Thu, 20 Oct 2022 11:47:02 -0700 (PDT)
Received: by mail-ed1-f48.google.com with SMTP id l22so891174edj.5 for <emailcore@ietf.org>; Thu, 20 Oct 2022 11:47:02 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GxRzwng5kFpXAe89qU306y7+NQHnlcxAGLmk8efxWG8=; b=P62XBwFsLY+S4lx2fmFskhlqURxfV+33Emv0JDGjda9QzLk3L5jdzO74zRGM7GUt1r DbL/+x2c+qhC1ME8RE3v/X+lH3V291ArnJ3/2W4rwtAulOJjSNeWD5rVyEgx3hEPM862 h3RNjIhLa2w206VWHx2nKC38buRPrFh5d9Z/R0AIH5Kyw2acB3/6715ExTW7i/z58S3w KBo5bK7paOt2KjHFR2GAGsTBJImPpGs5JPGqljUi15RVDXIQTPtn0ehjRGmuVM+0AHmU nIox6Du4GXHAd6/omvFIpXcdy6ieLhKcEc4ehHvTfcnbU3oCE1eZbsIK91N92QCbEKi6 8LWA==
X-Gm-Message-State: ACrzQf1S7488T3pmSNEYaLgdlI6rliCPXzBcHwQcvPOpyU7IBhPYp2cv asDnkvrCp65CANO3Na+pEu44drYlKFZtdqw+9FtTpte8
X-Google-Smtp-Source: AMsMyM6+Zb4dtG9EyMfjOGLZsuR3nGscAzMO7e3MUkdUIr77VH655xYqoWYH2wUd9x0ducO2MmphMsP4wcK8/QNHNvE=
X-Received: by 2002:a05:6402:3890:b0:451:ef52:8f9e with SMTP id fd16-20020a056402389000b00451ef528f9emr13601446edb.107.1666291620331; Thu, 20 Oct 2022 11:47:00 -0700 (PDT)
MIME-Version: 1.0
References: <20221007203938.49CCD4C1266B@ary.qy> <f4e4025f-82dc-4453-866c-8c8893f64421@app.fastmail.com> <5A01B9831F9D4C0D01CA61BB@JcK-HP5> <fd5dc688-621f-4f1e-97fd-0231dcff2232@app.fastmail.com> <7D9B45F3E50A3F0DBF3BAE98@JcK-HP5> <CALaySJJeM6myw0ZhmDp=-A-46WfutWNQdL0+iV-FXDA5HQ25Cg@mail.gmail.com> <9b021a56-e226-3a34-3a72-933ceaf724b5@fastmail.com> <CALaySJKbVOTmXijit-nZO2wasWVmoLkQCe6SF+_85Xe5zE9iQg@mail.gmail.com> <ed2c9cc2-3fa1-164b-186b-cc3a69706d36@fastmail.com>
In-Reply-To: <ed2c9cc2-3fa1-164b-186b-cc3a69706d36@fastmail.com>
From: Barry Leiba <barryleiba@computer.org>
Date: Thu, 20 Oct 2022 14:46:48 -0400
Message-ID: <CALaySJ+G3ubuijhYx78pTeQtmq3CqZm2z1Ep7PEByvNn7gaViA@mail.gmail.com>
To: Ken Murchison <murch@fastmail.com>
Cc: John C Klensin <john-ietf@jck.com>, Alexey Melnikov <aamelnikov@fastmail.fm>, emailcore@ietf.org, John R Levine <johnl@taugh.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/emailcore/h3TIOk86O-NiHoqu_X-7AnfaZa8>
Subject: Re: [Emailcore] A/S outstanding issue #51 (email addresses in HTML forms)
X-BeenThere: emailcore@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: EMAILCORE proposed working group list <emailcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emailcore>, <mailto:emailcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emailcore/>
List-Post: <mailto:emailcore@ietf.org>
List-Help: <mailto:emailcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emailcore>, <mailto:emailcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2022 18:47:06 -0000

I certainly think that all this is more than just HTML forms.

b

On Thu, Oct 20, 2022 at 2:43 PM Ken Murchison <murch@fastmail.com> wrote:
>
> Thanks Barry,
>
> Are we intending for this new text to apply only within the context of
> Section 3.2 (HTML Forms) or should this be considered more general guidance?
>
> I'm also wondering if the point regarding "plus" addressing is more
> general guidance rather than limited to just HTML forms.
>
>
>
> On 10/20/22 2:34 PM, Barry Leiba wrote:
> >> I look forward to your proposed text.  If you can post it and/or send it
> >> to me, I can get it in the A/S update that I intend to post before the
> >> deadline on Monday.
> > Here is text that I proposed adding after the paragraph Ken proposed
> > for the new Section 3.2:
> >
> > ADD
> >
> > In particular, SMTP specifies that the local-part of an email address
> > is case-sensitive (see Section 2.4 of
> > [I-D.ietf-emailcore-rfc5322bis]):
> >
> >     The local-part of a mailbox MUST BE treated as case sensitive.
> >     Therefore, SMTP implementations MUST take care to preserve the case
> >     of mailbox local-parts.  In particular, for some hosts, the user
> >     "smith" is different from the user "Smith".  However, exploiting the
> >     case sensitivity of mailbox local-parts impedes interoperability and
> >     is discouraged.
> >
> > While case-sensitivity is specified as an absolute requirement, it is
> > important to stress that most implementations do not make case
> > distinctions in local parts (most treat “smith”, “Smith”, and “SMITH”
> > as the same), and most implementations do preserve the case that is
> > received (from SMTP or HTTP, from address books, or from user input).
> > Maximum interoperability will be achieved by keeping local-parts
> > unchanged (and especially making no attempt to change their case in
> > any way) and by assuming that local-parts that differ only in their
> > case probably refer to the same mailbox.  This is particularly
> > important for software that validates user-input fields, where case
> > changes are tempting, but must be avoided.
> >
> > It is also important to note, as we encounter non-ASCII local-parts
> > over time, that case changes are both character-set dependent and
> > language dependent, and attempts to change case without having the
> > full context necessary are likely to be wrong often enough to matter.
> >
> > END
> >
> > I also wonder if, somewhere, we should say that new implementations
> > SHOULD make local-parts that differ only in their case refer to the
> > same mailbox, thus strengthening the "is discouraged" from the SMTP
> > spec.  We might also be able to get away with moving from "is
> > discouraged" to some SHOULD NOT wording in SMTP, while still moving to
> > Internet Standard.
> >
> > Barry
> >
> >> On 10/17/22 10:53 AM, Barry Leiba wrote:
> >>> Process: I think that it we change the case-sensitivity of local-part,
> >>> we are no longer in an Internet Standard path, but would have to go
> >>> back to Proposed Standard.
> >>>
> >>> I think the best approach for us now is to leave the text in 5321bis
> >>> that's in Section 2.4, which discourages case-sensitivity, to put very
> >>> clear text in the AS that actually using case-sensitive local-part is
> >>> bad for interoperability and will break with a lot of current software
> >>> that assume insensitivity, however incorrectly, and to thus have the
> >>> AS highlight that discouragement.
> >>>
> >>> The result would be that the formal grammar would still allow
> >>> case-sensitive local-part and SMTP would still normatively say, "The
> >>> local-part of a mailbox MUST BE treated as case sensitive.  Therefore,
> >>> SMTP implementations MUST take care to preserve the case of mailbox
> >>> local-parts."  (Except that the "BE" should be in lower case... JCK
> >>> please note.)  But it also would still say, "However, exploiting the
> >>> case sensitivity of mailbox local-parts impedes interoperability and
> >>> is discouraged," and the AS would follow up on that part.
> >>>
> >>> I'm working on some text to propose for the AS in line with what I'm suggesting.
> >>>
> >>> Barry
> >>>
> >>> On Mon, Oct 17, 2022 at 10:32 AM John C Klensin <john-ietf@jck.com> wrote:
> >>>>
> >>>> --On Monday, 17 October, 2022 14:35 +0100 Alexey Melnikov
> >>>> <aamelnikov@fastmail.fm> wrote:
> >>>>
> >>>>> Hi John,
> >>>>>
> >>>>> On Mon, Oct 17, 2022, at 2:25 PM, John C Klensin wrote:
> >>>>>> As participant only...
> >>>>> Likewise.
> >>>>>
> >>>>>> --On Monday, 17 October, 2022 14:00 +0100 Alexey Melnikov
> >>>>>> <aamelnikov@fastmail.fm> wrote:
> >>>>>>
> >>>>>>> Hi John,
> >>>>>>> I agree with you that we should say a bit more about
> >>>>>>> problematic cases. Possible add something like your text
> >>>>>>> after the paragraph that Ken suggested.
> >>>>>>>
> >>>>>>> Some specific comments below:
> >>>>>>>
> >>>>>>> On Fri, Oct 7, 2022, at 9:39 PM, John Levine wrote:
> >>>>>>>> It appears that Ken Murchison  <murch@fastmail.com> said:
> >>>>>>>>> I have crafted the following text for this issue:
> >>>>>>> ...
> >>>>>>>> If we are going to stick our foot into this swamp at all, I
> >>>>>>>> think we should dive in and describe the popular ways that
> >>>>>>>> non-mail systems screw up mail addresses such as
> >>>>>>>>
> >>>>>>>> * Everyone assumes ASCII upper and lower case are
> >>>>>>>> equivalent. Many turn addresses into all upper or all lower
> >>>>>>>> before sending
> >>>>>>> Yes, I think we should this.
> >>>>>> Agreed, but "everyone" is too strong and therein lies the
> >>>>>> problem.  A bit more needs to be said to discourage the
> >>>>>> practices and/or to predict occasional problems when those
> >>>>>> transformations are made.
> >>>>> I think enough systems assume ASCII case-insensitivity that
> >>>>> insisting that they are not is not going to work in many
> >>>>> cases. I am afraid the boat has sailed on enforcing this one.
> >>>> Then someone should be proposing that we change 5321bis, not
> >>>> just make a comment in the A/S.  Either way, this increases my
> >>>> concern about excluding SMTPUTF8 comments/advice from the A/S.
> >>>> Based on the "case sensitive local parts" requirement, the EAI
> >>>> WG decided that it did not need to explicitly insist on that.
> >>>> However, if we say something equivalent to "it is ok to assume
> >>>> that local-parts of addresses are case-insensitive because
> >>>> everyone else does", then we probably need to be clear that, in
> >>>> general, that does not apply to non-ASCII addresses in either
> >>>> the local-part or, if expressed in UTF-8 rather than Punycode
> >>>> encoding, the domain part. The A/S already steps rather far into
> >>>> that swamp by saying that Internationalized Email SHOULD be
> >>>> supported in Section 2.4 (incidentally the citation there is
> >>>> wrong).  And then we probably need to figure out whether those
> >>>> who assume case insensitivity for ASCII also assume it for
> >>>> non-ASCII Latin script strings.  A reasonable, but naive,
> >>>> assumption is that it should ("after all, what difference does a
> >>>> diacritical make?") but the reality is that it does not work for
> >>>> many cases.
> >>>>
> >>>> (( Example for those who have avoided immersion in the i18n
> >>>> swamp: for some languages, in some localities, the upper case of
> >>>> "á" (U+00E1) is "A" (U+0041).   Now, in a context in which
> >>>> SMTPUTF8 addresses are allowed, what is the lower case of
> >>>> "ABC@EFG".  If one assumes, a priori, that is an ASCII string,
> >>>> then "abc@efg" is a reasonable (and correct and unique) answer.
> >>>> But what if the "real" address was "ábc@éfg" and someone got
> >>>> "ABC@EFG" by applying a "drop the diacritical marks when going
> >>>> to upper case" rule?   The Unicode Case Mapping and Case Folding
> >>>> rules prevent doing that, but the SMTPUTF8 specs don't reference
> >>>> them as useful operations.   And, at the risk of invoking an
> >>>> issue that brought about conflicting standards in the IDN world,
> >>>> the character "ß" (U+00DF) does not have a distinct upper case
> >>>> form... except when it does.  Those are just example that should
> >>>> be at least mostly understandable to those reading this: there
> >>>> are cases that are arguably much worse.  ))
> >>>>
> >>>> So, if we are going to say something in the A/S that essentially
> >>>> changes the requirement, we'd better write it very carefully --
> >>>> and probably explicitly include RFC 6530ff in its scope.
> >>>>
> >>>>>>> ...
> >>>> More generally, as non-ASCII email addresses (even ASCII local
> >>>> parts with IDNs expressed in UTF-8 not Punycode) become more
> >>>> prevalent and especially if the A/S is going to put a SHOULD on
> >>>> Internationalized Address support, I am becoming convinced that
> >>>> we would be performing a real disservice to the international
> >>>> email community, as well as nearly contradicting ourselves, by
> >>>> pretending that issues like the above by ignoring the i18n
> >>>> issues and, in particular, saying "ASCII addresses" and assuming
> >>>> the reader will understand all of those subtleties .
> >>>>
> >>>> (A/S co-author hat momentarily back on.)
> >>>> Ken, unless someone sees a way to avoid the i18n issues that I
> >>>> don't and can quickly get what appears to be WG consensus behind
> >>>> it, I believe the next draft should include (at least) a
> >>>> placeholder section after the current Section 4 (" MIME and Its
> >>>> Implications") called "Internationalization of Addresses and
> >>>> Headers and Its Implications" or words to that effect.
> >>>>
> >>>> And I hope that at least some of those who are actively
> >>>> promoting the use of SMTPUTF8 addresses and also following this
> >>>> list will do some writing rather than either expecting me to do
> >>>> it or assuming the correct text will magically appear.
> >>>>
> >>>> best,
> >>>>       john
> >>>>
> >>>>
> >>>>      best,
> >>>>        john
> >>>>
> >>>> --
> >>>> Emailcore mailing list
> >>>> Emailcore@ietf.org
> >>>> https://www.ietf.org/mailman/listinfo/emailcore
>
> --
> Kenneth Murchison
> Senior Software Developer
> Fastmail US LLC
>

v2.23.0 | Report a Bug | By Email