Re: [openpgp] OpenPGP Web Key Directory I-D

"brian m. carlson" <sandals@crustytoothpaste.net> Fri, 09 November 2018 21:27 UTC

Return-Path: <sandals@crustytoothpaste.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A330512008A for <openpgp@ietfa.amsl.com>; Fri, 9 Nov 2018 13:27:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (3072-bit key) header.d=crustytoothpaste.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gx_kPdKrliD7 for <openpgp@ietfa.amsl.com>; Fri, 9 Nov 2018 13:27:17 -0800 (PST)
Received: from injection.crustytoothpaste.net (injection.crustytoothpaste.net [192.241.140.119]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8BE13129619 for <openpgp@ietf.org>; Fri, 9 Nov 2018 13:27:17 -0800 (PST)
Received: from genre.crustytoothpaste.net (unknown [24.240.240.68]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by injection.crustytoothpaste.net (Postfix) with ESMTPSA id 7CB0D6077B; Fri, 9 Nov 2018 21:27:14 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=crustytoothpaste.net; s=default; t=1541798834; bh=KrQpGjDdJAQCUEHYZpfXAdOX/rqm3+dAp2jjARZxOh8=; h=Date:From:To:Subject:References:Content-Type:Content-Disposition: In-Reply-To:From:Reply-To:Subject:Date:To:CC:Resent-Date: Resent-From:Resent-To:Resent-Cc:In-Reply-To:References: Content-Type:Content-Disposition; b=ZWZDyqEzSrenVkgV1QVPAAE1X0xZUhvJKHdFw7EVEMc99EaEjGyG6P6rC1TMuQtFl hTpVCzMo3qfZXnHucLmUOomgnxWYYivWEX6GNihxlEyUpFKhvjapoIbscj2ykahJLK FIsWrGzLjuF+5jSw01suSKhmoPCXW0DHoptn1BZhGz6MBtIbg+AqIXVFg1XxHZ1DH1 NApjBrjkIDqVfOuS2x960R/fdwnsByhhR6pT3Ft0hdy9UGmHMYNZ4qx01pfkAR1OXg fOGrxuznbETS8gCD1YqqIkhGdXAsxe3tdTIWbpio7PW5mj8gE7GmUH0nD1k6V9UCkF bcWrel9mNV5yrNbFq5HNn4dS5lvxFVXhf3lKegvvixExXDZwFCaYqq9uBYV3TJaN8N Fi1ciaF++YIODsgCBUyBE90MyF+EY3xNXRyjBrUYBgXXuLorJISmTZ+mZXV6+rEoIa j62ubpQH0zajvdboUqoBSNScpGs4+Toi8XHjap6N//j0nvJFi+B
Date: Fri, 9 Nov 2018 21:27:05 +0000
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: Ian Jackson <ijackson@chiark.greenend.org.uk>, openpgp@ietf.org
Message-ID: <20181109212704.GI890086@genre.crustytoothpaste.net>
References: <23523.16831.292658.490356@chiark.greenend.org.uk> <20181108012559.GF890086@genre.crustytoothpaste.net> <878t24yrzn.fsf@wheatstone.g10code.de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="HuXIgs6JvY9hJs5C"
Content-Disposition: inline
In-Reply-To: <878t24yrzn.fsf@wheatstone.g10code.de>
X-Machine: Running on genre using GNU/Linux on x86_64 (Linux kernel 4.18.0-2-amd64)
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Scanned-By: MIMEDefang 2.79 on 127.0.1.1
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/kl1FKPe4VbWmNjz1e1kYKC7y_SE>
Subject: Re: [openpgp] OpenPGP Web Key Directory I-D
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Nov 2018 21:27:20 -0000

On Thu, Nov 08, 2018 at 07:59:24AM +0100, Werner Koch wrote:
> On Thu,  8 Nov 2018 02:25, sandals@crustytoothpaste.net said:
> 
> > I definitely agree that lowercasing the address is wrong.  The RFCs say
> > that the local part is case sensitive, and there are many case-sensitive
> > systems on the Internet today.
> 
> Please tell me a single public accessible system which is
> case-sensitive.  Ask any non-hacker about mail addresses; almost
> everyone enters mail addresses in whatever case they like.  I have seen
> many business cards which spell Joe.Hacker@example.org despite that the
> canonical address is joe.hacker@example.org.  See also the OpenPGP DANE
> RFC for this.

My mail system is case sensitive.

Even ignoring me as an example, there's now SMTPUTF8, which means that
case folding is nontrivial.  Turkish has a dotted I and dotless I, and
case folding a Turkish email address in the traditional ASCII way could
produce invalid results even if the system is case-insensitive.  Greek
sigma case folds differently depending on position.  Moreover, I expect
some SMTPUTF8-capable systems don't case fold non-ASCII characters.

Even if you think this is not an issue, RFC 5321 requires that the
local-part "MUST be…assigned semantics only by the host specified", and
we should not knowingly violate other IETF RFCs in writing our own.
This is a MUST directive; it is not optional.

If you adopted Ian Jackson's suggestion to not hash the name, then case
sensitivity wouldn't be a concern; you could simply choose to let the
remote system accept whichever case you wanted.
-- 
brian m. carlson: Houston, Texas, US
OpenPGP: https://keybase.io/bk2204