Re: Case distinctions as theoretical exercise

Phillip Hallam-Baker <> Tue, 15 March 2016 16:28 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6959D12DB33 for <>; Tue, 15 Mar 2016 09:28:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.35
X-Spam-Status: No, score=-2.35 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id IpgOJ6rBSOXW for <>; Tue, 15 Mar 2016 09:28:14 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4010:c04::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 45BD312D505 for <>; Tue, 15 Mar 2016 09:28:14 -0700 (PDT)
Received: by with SMTP id k12so30212681lbb.1 for <>; Tue, 15 Mar 2016 09:28:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc; bh=Lksp9bNClyNdDbCICkfwOcm3RiPAFSFGQFGbU6alb8Q=; b=L3Utmz1yFmIV5mWYp4E/QwFPvsFrbvf65uA1iMs82m3D87wPb7OjxHNWclj1QMJjOJ kd1xPpJdXZOFaB+W4MItorzxwLf/4g4Su+7QkgLUvLjoBrcQy+sjn8WXPzhh8RtSFoDn G+RCdoTWHCcyY9b1N3d6PX7g5cb5VSQ5fV2xWVCp8bYImAFKThnqdqMomvGsCXWAQezt w40GDqG8d3IywnB/K4fQFIw8MygekCxBKEtckI2A2o4nYLbKRwsnHsI3myP90oGizsDd bdJqw7FdcVCY3wUyfrL2mBS8CdtKNWmf6kz3HrbM1aUvN126ZBU0QS+Ds78FXePgj95t jrhQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to:cc; bh=Lksp9bNClyNdDbCICkfwOcm3RiPAFSFGQFGbU6alb8Q=; b=dBvbNWz5y1D8Od+O+1zHjDDqSsX6DvOlBeVkbcNtnsROu4GLbuNMRoG/YH+Ojp/zsN wAr6GAyIBf4Cq1jy7TZXkWlI4nJbIos0O6OW38aquWkzgBhHlMsB4aSMi+WQxzJ2kJ0U M8k0pA3bE8DLTUMNcVPd05AwUC4f0NyGrjvN7ALuwDSDrMgl+idtFWS6rBZjTjwB0RzW lpf9d0MrnA89fYxgA1DkTB5M8TD5NT7/EjHXqvgjj2c3PQ+jKga52+EYYNZgy3sOG11O LiUMWRr8AtDthZEGzEjG01X2HCIHoo9cUfq12M6JQuVuqK6blZtYHnAQYsWtYMYwpYrR 8EWg==
X-Gm-Message-State: AD7BkJKkrXvPl26d1SBzy/OnXUC0yO8ygAKzh2GDDxxaYrh1ip7Dg76lWCzaztpUh1B4aRIFv5PBuqWDnOgyww==
MIME-Version: 1.0
X-Received: by with SMTP id m6mr10452181lbd.142.1458059292169; Tue, 15 Mar 2016 09:28:12 -0700 (PDT)
Received: by with HTTP; Tue, 15 Mar 2016 09:28:12 -0700 (PDT)
In-Reply-To: <>
References: <> <> <> <> <>
Date: Tue, 15 Mar 2016 12:28:12 -0400
X-Google-Sender-Auth: zbHmPeQaTbA134RnoKUo9NNtvIQ
Message-ID: <>
Subject: Re: Case distinctions as theoretical exercise
From: Phillip Hallam-Baker <>
To: Doug Barton <>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <>
Cc: John C Klensin <>, Paul Wouters <>, IETF Discussion Mailing List <>
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 15 Mar 2016 16:28:16 -0000

Oh come on.

I am sure that you can sort the problem out with some sort of rule
such as 'if case matters, use punycode for upper case'.

It won't of course because people have been trying and failing to put
account information into the DNS since the first DNS specs. The number
of people who can configure DNS that way are maybe 5% of the total
base. Big enterprises can't do it because the DNS is an infrastructure
for describing hosts and they have other infrastructures for tracking
people. Small enterprises can't do it because if you don't run your
own DNS, you are left entering RRs through Web interfaces that only
recently started supporting SRV.

Let these folk get on with their experiment so that they can learn
what others have learned before for themselves.

The only way you could do that sort of thing with DNS records is if
you were doing something like S/MIME and you had a LRA for the domain
with its own root or intermediate cert and published an authenticator
for that in the DNS. then you could put a link to your directory where
account granular lookup can be performed in the DNS next to it.

This fits S/MIME a lot better than OpenPGP because it is already
hierarchical. Of course you can do the same thing with OpenPGP but the
cost is that you are imposing the DNSSEC hierarchy on OpenPGP.

This is not a solution, it is a distraction. But the sooner they get
started on learning the problems themselves, the sooner we can get
onto the next thing.