On Mar 15, 2015, at 4:52 PM, John R Levine <[email protected]> wrote: > As I've said before, the reality that mail systems do fuzzy matching on > incoming addresses, but not in a way that is at all consistent, is a big > problem. I don't think it makes sense to try to advance OPENPGPKEY or SMIMEA > or _mailbox until we and the people who know about mail figure out what to do > about it. I'm asking them to take a look.
Fuzzy matching on "mailboxes" bites in several places, far beyond email. While way out of scope of everything being discussed here, I think the idea of having a cut point handoff from the domain certification, to the 'user' certification, is something we can't ignore. Sendmail's plus-addressing scheme is a deployed example of that sort of usage. Given [email protected], we have all the bits to validate the RHS of the @, and the initial token of the LHS. But with IoT smacking us in the face, sub-personal locators are very quickly going to become a fact of life. How to deal with the bits starting at the '+' is scary. And out of context here. But it can't be ignored. --lyndon
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
