Re: [lamps] Spencer Dawkins' No Objection on draft-ietf-lamps-eai-addresses-15: (with COMMENT)
Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Mon, 08 January 2018 15:56 UTC
Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCD1B12706D; Mon, 8 Jan 2018 07:56:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LgodzYymtgho; Mon, 8 Jan 2018 07:56:52 -0800 (PST)
Received: from mail-yb0-x22d.google.com (mail-yb0-x22d.google.com [IPv6:2607:f8b0:4002:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C3E3126579; Mon, 8 Jan 2018 07:56:52 -0800 (PST)
Received: by mail-yb0-x22d.google.com with SMTP id j7so4688450ybl.3; Mon, 08 Jan 2018 07:56:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=WZDvcBQbdOpgJ97BS0F1Uooy+bWQX5zInbygeAopaaY=; b=JrfYXhxJ1QN8qPsqhbezRcZBIqjQNbQruSO//6F7nhP49flQp2W/sw8NYbcTApjVTb /ddZRi+VlGOKXND6zApHlqKz3TzzpzYAGebGQ/8XWB6mUbYgmngc2k2wWfXXtyKBrso6 dtDF9FC52xoHPyqxuDhLCX7KWTaKtODcRdmt8GD6cbFnzw6ObQVkX323No6hWTOA1PHZ 9sQdnqJXYSH+8CTkc+RmMBXy2ahnPQPdESisogO982hNfYVupXE0FEBQiDXID0/NpkZH n01wso4pf3LavaM2kBolmDHLJMX5GbQkwbZgb1N7k5jwnctiOVMg6YNUnqtBS5Kbmmtv lYgA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=WZDvcBQbdOpgJ97BS0F1Uooy+bWQX5zInbygeAopaaY=; b=uFXP1PURzx3UY5kaZaP9s2tpZF6tr6raM8h7n+PVLd19FWEo1CHpeYdoKhocoPo9Iz sXKRtgVS+81haHX/ehQUWlbTzvFMzScuvEv8g6jmo6ipGoTpowjkuKV4S1Cnf6sMO5+c JIKU2kZe0i5Yi12w27PpEbzhLDsAvjucxo+Eqpx+j3BRx+nAP34hHO4uec66d7bOrRLh KsRK4SAisiTu22UoEGT0wjGYfjLo9tH9b6u33JxJsckJRS1uKLyKn9A2Z7l+CctEovLR AuBGW1vEU+69H2vOkshrbGPvhnFCGwimhhbKj2xhmpiHDxgQvsscudWMbSpapnZBvaHQ 7Xgw==
X-Gm-Message-State: AKGB3mJHIyG1n4IF9ndjn8fkfOZcPokU9OjN4ftJZlmTw90JayUIPjbs 2LIHROc9LbKyX3EwCZfy+QBwUGKB8TM6gXVS9/g=
X-Google-Smtp-Source: ACJfBotSRzNF8Xm5Tgo3BTbm6vDUk/kLFENE35wNQfU67N66EFNpDWAOdtWAY8tbmAdQ9iIGgja7+vhg1ZNigGYcaSQ=
X-Received: by 10.37.50.137 with SMTP id y131mr11394637yby.417.1515427011491; Mon, 08 Jan 2018 07:56:51 -0800 (PST)
MIME-Version: 1.0
Received: by 10.37.132.6 with HTTP; Mon, 8 Jan 2018 07:56:51 -0800 (PST)
In-Reply-To: <0dbab422-5208-50fc-6db3-4304599a8d24@isode.com>
References: <151439056144.29897.5203263014335278965.idtracker@ietfa.amsl.com> <0dbab422-5208-50fc-6db3-4304599a8d24@isode.com>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Mon, 08 Jan 2018 09:56:51 -0600
Message-ID: <CAKKJt-daCmXR+eK=9fOAWEAqZ9=ooNshiJ_3DpfLidux+idTfw@mail.gmail.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Cc: The IESG <iesg@ietf.org>, spasm@ietf.org, lamps-chairs@ietf.org, draft-ietf-lamps-eai-addresses@ietf.org, Russ Housley <housley@vigilsec.com>
Content-Type: multipart/alternative; boundary="001a1146bb3ab3fcca056245d8ea"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/iGc6qABtSuGxrQukyhRdIJ3Wssc>
Subject: Re: [lamps] Spencer Dawkins' No Objection on draft-ietf-lamps-eai-addresses-15: (with COMMENT)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jan 2018 15:56:55 -0000
Hi, Alexey, On Mon, Jan 8, 2018 at 9:11 AM, Alexey Melnikov <alexey.melnikov@isode.com> wrote: > Hi Spencer, > > Thank you for your comments. > > > On 27/12/2017 16:02, Spencer Dawkins wrote: > >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> >> I know that you guys have been doing this longer than I've even been >> thinking >> about it, but I'm looking at >> >> Due to operational reasons to be described shortly and name >> constraint compatibility reasons described in Section 6, >> SmtpUTF8Mailbox subjectAltName MUST only be used when the local-part >> of the email address contains non-ASCII characters. When the local- >> part is ASCII, rfc822Name subjectAltName MUST be used instead of >> SmtpUTF8Mailbox. This is compatible with legacy software that >> supports only rfc822Name (and not SmtpUTF8Mailbox). The appropriate >> usage of rfc822Name and SmtpUTF8Mailbox is summarized in Table 1 >> below. >> >> and, if I'm reading this correctly, the plan is >> >> IF you don't NEED to send non-ASCII characters >> use rfc822Name >> and all implementations know what that means >> and all implementations will work fine >> ELSE you DO have non-ASCII characters so >> use SmtpUTF8Mailbox >> and all the new implementations will work fine >> and all the old implementations will barf >> which is OK because they can't handle non-ASCII anyway >> > Almost. Old implementations will just ignore such values in certificates, > which is fine, because they can't handle non-ASCII anyway. > >> Am I getting that right? Assuming so, I looked at the "operational >> reasons to >> be described shortly" and "name constraint compatibility reasons >> described in >> Section 6", and didn't see anything that was was quite that blunt. >> > My co-editor and I should double check that the text you quoted (at least > the promise of explanation) is still accurate. > >> Assuming that you're sending SmtpUTF8Mailbox to an implementation that >> doesn't >> support it, and you figure that out, is there a well-understood fallback >> that >> could be either referenced or described in a sentence or two? >> > I think fallback will depend on how certificates with SmtpUTF8Mailbox are > to be used. If they are used with S/MIME, then an email client that > supports EAI and S/MIME also need to be updated to support EAI in S/MIME. > As there is no algorithmic mapping defined between non-ASCII > SmtpUTF8Mailbox and traditional ASCII-only email addresses, your mileage > will vary. > > Similarly if this is used in TLS for user authentication, email server > implementation need to be updated to recognize SmtpUTF8Mailbox in client > TLS certificates. > > Does this help or did I misunderstand the type of fallback you are talking > about? > This was helpful. Thanks. I trust that the right things will happen :-) Spencer > > Best Regards, > Alexey > > If the answer is "what an implementation does at that point is up to the >> implementation, and different implementations may have different reasons >> to >> respond differently", that could be a fine answer, of course. >> > >
- [lamps] Spencer Dawkins' No Objection on draft-ie… Spencer Dawkins
- Re: [lamps] Spencer Dawkins' No Objection on draf… Alexey Melnikov
- Re: [lamps] Spencer Dawkins' No Objection on draf… Spencer Dawkins at IETF