On Sun, 14 Jun 2015, Viktor Dukhovni wrote:

As I'm fairly sure I described in detail before, base32 provides the
option of reversing the encoding at the server, looking up the local
part using whatever fuzzy matching the server wants to use, and
sending an appropriate response.

This pretends that the server can read the human mind of the sender.

No, it assumes that the server has access to the same canonicalization
and aliasing data as the SMTP server that processes mail for the
domain.

But that's not what this is about. This is about the user typing in an
email address FOO and that address does not exist, and now some fuzzy
matching will happen for the client/server to map it to a valid address
with no guarantee that the user actually meant that target mailbox.

It does not even relate to crypto keys!

Then somehow, the crypto key lookup can be enhanced by using base32
lookups so the server can return crypto keys?

If you try to send an email and use the wrong email address, it will
go to the wrong user. In our discussion, it will go encrypted to the wrong
user or in plaintext to the wrong user. How does having done a base32
lookup versus a hashed lookup make any difference?

If no such data is available then only exact matches will
return results.  With reversible encodings, the server might use
the DNS protocol, but use something fancier than exact match to
locate the right records.

There are no "right records" when you email a non-existing, wrong
address you made up or typoed on. This has nothing to do with crypto
keys.

Because it is the server for the target
domain, it might the canonical object corresponding to a given
lookup key.

And that could be a disservice to the user! Now the secret email you
meant to send me gets encrypted and delivered to PaulHoffman instead
of PaulWouters?

If you want to do fuzzy localpart matching, go and fix that problem.
Once you have fixed that, and you can determine the True Local Part
of a human's intention, you can just pick up the crypto key from
the right location even when using hash(lowercase(True Name))

Paul
