IETF Logo Mail Archive

Re: [EAI] Shepherd report review of mailinglist-02

John C Klensin <klensin@jck.com> Fri, 13 July 2012 16:03 UTC

Return-Path: <klensin@jck.com>
X-Original-To: ima@ietfa.amsl.com
Delivered-To: ima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B5BF21F872A for <ima@ietfa.amsl.com>; Fri, 13 Jul 2012 09:03:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.278
X-Spam-Level:
X-Spam-Status: No, score=-2.278 tagged_above=-999 required=5 tests=[AWL=0.021, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MUe7sBi7GpvC for <ima@ietfa.amsl.com>; Fri, 13 Jul 2012 09:03:41 -0700 (PDT)
Received: from bsa2.jck.com (bsa2.jck.com [70.88.254.51]) by ietfa.amsl.com (Postfix) with ESMTP id 6D77A21F8722 for <ima@ietf.org>; Fri, 13 Jul 2012 09:03:41 -0700 (PDT)
Received: from [198.252.137.115] (helo=JcK-HP8200.jck.com) by bsa2.jck.com with esmtp (Exim 4.71 (FreeBSD)) (envelope-from <klensin@jck.com>) id 1SpiGX-0004QO-5G; Fri, 13 Jul 2012 11:58:49 -0400
Date: Fri, 13 Jul 2012 12:03:59 -0400
From: John C Klensin <klensin@jck.com>
To: John R Levine <johnl@taugh.com>, "Martin J. Dürst" <duerst@it.aoyama.ac.jp>
Message-ID: <6C34D20CA95EC47E952D8C22@JcK-HP8200.jck.com>
In-Reply-To: <alpine.BSF.2.00.1207130934580.95156@joyce.lan>
References: <CAF1dMVE+2_288HmqaFfqANyB1r+KzBYXQ37i0_Gm_x1w1COqVw@mail.gmail.com> <alpine.BSF.2.00.1207121737350.66870@joyce.lan> <B693E26DE56016D0E4FE6295@JcK-HP8200.jck.com> <50000609.4020509@it.aoyama.ac.jp> <alpine.BSF.2.00.1207130934580.95156@joyce.lan>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Cc: EAI WG <ima@ietf.org>
Subject: Re: [EAI] Shepherd report review of mailinglist-02
X-BeenThere: ima@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "EAI \(Email Address Internationalization\)" <ima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ima>, <mailto:ima-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ima>
List-Post: <mailto:ima@ietf.org>
List-Help: <mailto:ima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ima>, <mailto:ima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Jul 2012 16:03:42 -0000

--On Friday, July 13, 2012 09:36 -0400 John R Levine
<johnl@taugh.com> wrote:

>> Also, my proposal of different text for the "%-routing
>> problem", which is  clearer about the source of the problem,
>> in particular that it's an  implementation problem (correct
>> escaping/unescaping) and not an a-priori  problem, hasn't
>> been taken into account, and I don't know why.
> 
> I looked at your language, and it seemed to me less clear than
> what's there.  The problem is very simple, some MTAs mishandle
> addresses that contain % signs.  All we need to do is note it,
> not tell people how we think they should fix it or work around
> it.

Agreed, but I suggest that there are really two separate
problems.  The first is the one you mention.  The second is that
there is a mismatch between the MAILTO syntax and definition
(necessitated by the URI syntax) and the specification of 5321,
essentially 
"no one gets to interpret the local part string at all".  It is
correct to talk about that as an implementation problem, but it
is an implementation problem that is so widespread as to justify
security warnings, etc. Similar problems --and probably similar
appropriate warnings-- apply to the use of a number of special
characters (notably "+" and "/" in local parts versus the use of
those characters in URIs and HTML.  Not the fault of mailto, but
traps for the unwary.  And we have ample empirical evidence that
there are lots of unwary (or indifferent) implementers and
implementations out there.

These are important issues.  Probably RFC 3696 should be updated
some day to be more careful and explicit about it.  Or perhaps
5321 should be updated to complement the warning that while the
spec says that local-parts are case-sensitive one shouldn't
depend on it working with one that notes that, while the special
characters used in URIs are perfectly valid in local parts
according to the spec, one shouldn't plan on having them work
either.

But I see no advantages, and several disadvantages, of opening
up any of that discussion in this document.

Again, just my opinion and YMMD.

   john

v2.29.0 | Report a Bug | By Email | System Status