IETF Logo Mail Archive

Re: [I18ndir] HTML, email addresses, etc

Nico Williams <nico@cryptonector.com> Wed, 10 June 2020 21:18 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: i18ndir@ietfa.amsl.com
Delivered-To: i18ndir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6EE4E3A150E for <i18ndir@ietfa.amsl.com>; Wed, 10 Jun 2020 14:18:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5DcvAypwWM3Q for <i18ndir@ietfa.amsl.com>; Wed, 10 Jun 2020 14:18:46 -0700 (PDT)
Received: from blue.elm.relay.mailchannels.net (blue.elm.relay.mailchannels.net [23.83.212.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E958D3A150A for <i18ndir@ietf.org>; Wed, 10 Jun 2020 14:18:45 -0700 (PDT)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id D163F401A6B; Wed, 10 Jun 2020 21:18:44 +0000 (UTC)
Received: from pdx1-sub0-mail-a89.g.dreamhost.com (100-96-2-93.trex.outbound.svc.cluster.local [100.96.2.93]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 32A96400CEF; Wed, 10 Jun 2020 21:18:43 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from pdx1-sub0-mail-a89.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.18.8); Wed, 10 Jun 2020 21:18:44 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Wipe-Turn: 203673840be69e01_1591823924643_2151204453
X-MC-Loop-Signature: 1591823924643:3396079884
X-MC-Ingress-Time: 1591823924643
Received: from pdx1-sub0-mail-a89.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a89.g.dreamhost.com (Postfix) with ESMTP id DF9359D708; Wed, 10 Jun 2020 14:18:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=zUk9Am/yLTXxro UOlykYSVGPa98=; b=Y/JYtB09ciDruE7n+rY+WV3dhoy2XWBf9ZdjVxjhXIKEIR lENrsIy6kDzmYdS+aFwoxIIb4D4IA20x3IXTRcm5gpmEzBgV2AkQkYlmlm2kOMvb KSZv4Tfo40ik6SqjEZrUTltPs0Bp8dgLSz22+Og2ObH9U8yM/6TihtpoqhIEc=
Received: from localhost (unknown [24.28.108.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a89.g.dreamhost.com (Postfix) with ESMTPSA id 2FCC09D70C; Wed, 10 Jun 2020 14:18:40 -0700 (PDT)
Date: Wed, 10 Jun 2020 16:18:36 -0500
X-DH-BACKEND: pdx1-sub0-mail-a89
From: Nico Williams <nico@cryptonector.com>
To: John C Klensin <klensin@jck.com>
Cc: i18ndir@ietf.org
Message-ID: <20200610211834.GG3100@localhost>
References: <B7D61128A7109785BD555955@jkacere15>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <B7D61128A7109785BD555955@jkacere15>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-VR-OUT-STATUS: OK
X-VR-OUT-SCORE: -100
X-VR-OUT-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeduhedrudehiedgudeifecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucggtfgfnhhsuhgsshgtrhhisggvpdfftffgtefojffquffvnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjughrpeffhffvuffkfhggtggujggfsehttdertddtredvnecuhfhrohhmpefpihgtohcuhghilhhlihgrmhhsuceonhhitghosegtrhihphhtohhnvggtthhorhdrtghomheqnecuggftrfgrthhtvghrnhepjeeltdejjeffjedtfeduhfegudduvdegudekvdeltdehvdffvddvudfhveffveeunecuffhomhgrihhnpehgihhthhhusgdrtghomhenucfkphepvdegrddvkedruddtkedrudekfeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhhouggvpehsmhhtphdphhgvlhhopehlohgtrghlhhhoshhtpdhinhgvthepvdegrddvkedruddtkedrudekfedprhgvthhurhhnqdhprghthheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqedpmhgrihhlfhhrohhmpehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmpdhnrhgtphhtthhopehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhm
Archived-At: <https://mailarchive.ietf.org/arch/msg/i18ndir/OijgBz4zacYHR78jSXqAAyqoYdU>
Subject: Re: [I18ndir] HTML, email addresses, etc
X-BeenThere: i18ndir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Internationalization Directorate <i18ndir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i18ndir>, <mailto:i18ndir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i18ndir/>
List-Post: <mailto:i18ndir@ietf.org>
List-Help: <mailto:i18ndir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i18ndir>, <mailto:i18ndir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jun 2020 21:18:47 -0000

On Sun, Jun 07, 2020 at 11:46:31PM -0400, John C Klensin wrote:
> Hi.
> 
> The following comments by John Levine and myself might be
> relevant to people on this list.  
> 
> https://github.com/whatwg/html/issues/4562#issuecomment-640070477

I'm not sure that we need a new input type for EAI addresses.  If the
user types in non-ASCII, then presumably *they* know that the domain can
handle EAI.

Another way to put it is that if we did add a new input type, should
developers build websites where the user must pick whether to enter an
EAI or not?  Or should developers just always use the new input type?

(Answer to the second question: No! First the page must detect whether
the browser supports the new input type!)

If we add a new input type, then after a while that will be all that is
used.  Ergo it's not needed.

The mere fact that the user typed in an internationalized mailbox name
is all the evidence we need that it is likely that the domain supports
EAI.

You could say that because *your* system doesn't support EAI for
outbound email, you won't accept it as input.  _This_ could be a new
option on the input.

> (1) We could try to clarify the SMTPUTF8 specs by noting the
> difficulties associated with trying to determine whether a
> purported email address is valid or not, especially in the light
> of fairly clear language in RFC 5821 that only the system (or
> set of systems) actually hosting that address can know and the
> greater diversity of troubles people can get themselves into
> with a nearly-unlimited range of Unicode code points rather than
> just ASCII.

Ulitmately, the true right way to validate a mailbox name is to ask its
MTA to validate it.

> (2) We could actually modify those specs to prohibit, or
> strongly recommend against, allocating email addresses whose
> local-parts contain anything but Unicode code points associated
> with graphics, or even letters, digits, and a small selection of
> symbols (possibly bringing the local-part recommendations close
> to a PRECIS profile).   Or perhaps a different set of
> restrictions. Might prevent a certain amount of mischief
> associated with excess cleverness or strange (to me) ideas about
> freedom of expression although I not sure it would have any
> significant value against deliberate attacks.

I feel like saying no to (2).  Requiring that mailbox names be printable
is OK, but I wouldn't forbid, say, emoji.

Nico
--

v2.23.0 | Report a Bug | By Email