IETF Logo Mail Archive

Re: [openpgp] User ID conventions (it's not really a RFC2822 name-addr)

Jon Callas <joncallas@icloud.com> Thu, 19 September 2019 18:10 UTC

Return-Path: <joncallas@icloud.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2305120914 for <openpgp@ietfa.amsl.com>; Thu, 19 Sep 2019 11:10:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=icloud.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jHoRw74UVl5A for <openpgp@ietfa.amsl.com>; Thu, 19 Sep 2019 11:10:00 -0700 (PDT)
Received: from mr85p00im-ztdg06021701.me.com (mr85p00im-ztdg06021701.me.com [17.58.23.196]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BDF2012090C for <openpgp@ietf.org>; Thu, 19 Sep 2019 11:10:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=icloud.com; s=1a1hai; t=1568916600; bh=qqomHgIly8warzbT62DPkjsGCS9dKyLqohOzP/2u6hg=; h=Content-Type:Subject:From:Date:Message-Id:To; b=WLsK0dvvR4F7DTjGQGksJITqwpGRuDaxSRmVhrm7CzBH3tNkfPCmPGLyXqQ1tJNNj 4LfStW3EjCRS3yb7cE8V/uGNXI2FffUlfzLX9CN7tEmPlEFESKByfs4gaLxrJ3+f8g G0GopO672f67xCZThgs8MDvePhoyMpLc14cWdH3Ka2nVv4ztJ2D4jidPy2H3LJGQgk KK5sLVQ0G3tSek2jIpVe3GBYQtwiX2O/IwfgaSIjT6fpFXvv5QJZ4qc/4Y8AB4kjkA KBOXbYf3/n5rtxA2gYStsQadXC6XJ22CCg+skT+mRYStDc0fIns8MXnvK94BVzoCVc l2jyr+RPtLG3w==
Received: from [10.125.12.162] (67-207-120-150.static.wiline.com [67.207.120.150]) by mr85p00im-ztdg06021701.me.com (Postfix) with ESMTPSA id 24414A00C30; Thu, 19 Sep 2019 18:09:59 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Jon Callas <joncallas@icloud.com>
In-Reply-To: <87woe7zx7o.fsf@fifthhorseman.net>
Date: Thu, 19 Sep 2019 11:09:58 -0700
Cc: Jon Callas <joncallas@icloud.com>, openpgp@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <3AC1C32D-E2DE-43A0-A35A-1E7420E77980@icloud.com>
References: <87woe7zx7o.fsf@fifthhorseman.net>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
X-Mailer: Apple Mail (2.3445.104.11)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-09-19_05:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=2 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 mlxscore=0 mlxlogscore=705 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1906280000 definitions=main-1909190152
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/QvLAvd0r7JbZFAODBLEJOpWYNz0>
Subject: Re: [openpgp] User ID conventions (it's not really a RFC2822 name-addr)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Sep 2019 18:10:02 -0000

> I'd like to have a clearer undersatnding about the actual conventions
> for OpenPGP User IDs in the context of e-mail.  The standards currently
> say that the convention is an RFC2822 "name-addr", but (as detailed
> below), that does not appear to be the actual convention in practice.

A simple place to start is that RFC 6531 seems to be the present upgrade/replacement for RFC2822. There have been interim ones and I didn't spend a lot of time sorting out details. Whatever the present successor is, let's just call it R.

> 
> While we're updating RFC 4880, we should fix the standards to reflect
> reality.  There are two proposals at the end that i'd love feedback on.
> I prefer proposal 2.

I think I do, too, with your addenda. 

Rewinding to history and second if not first principles, the User ID field is ideally free-form text. The most common free-form text is an email address, and that's described by R, and I think your proposal 2.

However, there are a lot of places where people have put human-readable text in (e.g. "XYZ Group Release Signing Key") that doesn't have a machine readable context at all. There have also been X.500 Distinguished Names, Common Names, and so on put there. There have been other outré uses as well. As long as we don't end up with it being *precisely* an email address, meaning that we outlaw just plan text, I think it's fine.

At one time, I really wanted User Attribute Packets (created for having images as IDs), to have other types of structured data including email addresses. The reasons for not doing it then (it's a pain, and who's going to support it) apply today. It's still a good idea, though.

If whatever you come up with precludes text with no machine meaning, I think you hit the flip side of having a defined type of ID: there's lots of things that already don't meet it, and people will just ignore what's there because history.

Operationally, I think that supporting Just Text merely means that if the field fails parsing rules (like Proposal 2) then it's Just Text and we're moving on.

	Jon

v2.23.0 | Report a Bug | By Email