Re: [Spasm] Fwd: New Version Notification for draft-ietf-lamps-eai-addresses-09.txt

Wei Chuang <weihaw@google.com> Fri, 21 April 2017 18:08 UTC

From: Wei Chuang <weihaw@google.com>
Date: Fri, 21 Apr 2017 11:08:45 -0700
Message-ID: <CAAFsWK2WD1YxAeVRKEPnEkGCV5wg2_c1rmH7vb+jjm4AF5FPLQ@mail.gmail.com>
To: SPASM <spasm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/GWRhd1sFNaHUmj36xM2H6DyIMyk>
Subject: Re: [Spasm] Fwd: New Version Notification for draft-ietf-lamps-eai-addresses-09.txt

On Sun, Apr 16, 2017 at 12:13 PM, Viktor Dukhovni <ietf-dane@dukhovni.org>
wrote:

> On Sat, Apr 15, 2017 at 03:20:23PM -0700, Wei Chuang wrote:
> > Hi all,
> >
> > An updated draft of "Internationalized Email Addresses in X.509
> > certificates" with the latest comments is now posted.  Comments welcome.
>
> This version is I think flawed.
>
>     * It fails to describe how rfc822Name name constraints are to
>       be used to restrict SMTPUtf8Name altnames.  (By decoding any
>       U-labels in the rfc822Name constraint and then applying to
>       the SMTPUtf8Name with byte-for-byte comparison whole domain
>       or ancestor domain as appropriate).
>

The document calls for the conversion process in section 5, then applying
RFC 5280 section 4.2.1.10.  Your suggested language can be added.


>     * It incorrectly asserts that SMTPUtf8Name is only for addresses
>       with a non-ASCII localpart, while in fact even ASCII localparts
>       at UTF-8 domains can be used with SMTPUtf8Name, whenever the
>       relevant email address employs a UTF-8 domain name.
>

Agreed it can represent non-ASCII localpart, but there is a compatibility
problem.  Keep in mind that the name constraints on full email addresses are
MAY NOT in the draft (due to legacy), so may still exist.  It was to
prevent potential interaction between a legacy rfc822Name ASCII local-part
email address name constraint and the SmtpUTF8Name ASCII localpart
email address, that different implementations will choose to handle
differently.  The exclusion prevents any possibility of inconsistency.  I
agree it's draconian, and I would like to think that this could be revisited
in the future.


>
>     * The new text of section 6 is confusing.  There seems to be
>       a misunderstanding here, that may account for both the
>       technical errors and the confusing explanatory text.
>

Agreed that there is a bug in the example that needs to be fixed.  Sorry
about that.

-Wei


>
> --
>         Viktor.
>
>
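
The comparison discussed in the first point of this message (convert the encoded labels of an rfc822Name constraint to Unicode, then match the SMTPUtf8Name domain byte-for-byte as a whole domain or under an ancestor domain), as an added example that is not part of the thread or the draft. The function names and sample addresses are constructed; Python's built-in `idna` codec (IDNA2003) stands in for a production IDNA2008 library, and the leading-period form follows RFC 5280 section 4.2.1.10.

```python
def to_u_labels(domain: str) -> str:
    """Return the domain with every xn-- label converted to its Unicode form.

    Assumption: the stdlib "idna" codec (IDNA2003) is good enough for a
    demonstration; a real path validator would use an IDNA2008 library.
    """
    labels = []
    for label in domain.split("."):
        label = label.lower()
        if label.startswith("xn--"):
            label = label.encode("ascii").decode("idna")
        labels.append(label)
    return ".".join(labels)


def constraint_permits(constraint: str, smtp_utf8_name: str) -> bool:
    """Apply one domain-form rfc822Name constraint to an SMTPUtf8Name value.

    "host.example"  -> the address domain must equal the constraint.
    ".host.example" -> the address domain must lie below the constraint.
    Full-mailbox constraints are rejected here: the thread leaves their
    interaction with SMTPUtf8Name local parts unresolved.
    """
    if "@" in constraint:
        raise ValueError("full-mailbox constraints are outside this sketch")
    _local, _, domain = smtp_utf8_name.rpartition("@")
    have = to_u_labels(domain).encode("utf-8")
    want = to_u_labels(constraint).encode("utf-8")
    if constraint.startswith("."):
        # Ancestor-domain form: the leading dot keeps "evilhost.example"
        # and the bare host itself from matching.
        return have.endswith(want)
    return have == want  # whole-domain form, byte-for-byte


if __name__ == "__main__":
    # Constructed sample data: a CA constraint stored in encoded (xn--) form,
    # checked against UTF-8 addresses as they would appear in SMTPUtf8Name.
    for constraint, address in [
        ("xn--bcher-kva.example", "user@bücher.example"),
        (".xn--bcher-kva.example", "user@mail.bücher.example"),
        (".xn--bcher-kva.example", "user@bücher.example"),
        ("xn--bcher-kva.example", "user@bucher.example"),
    ]:
        print(constraint, address, constraint_permits(constraint, address))
```
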