On Mon, 15 Jun 2015, John Levine wrote:
Allow the client to lowercase (initially, or as a fallback) - I think
everybody agrees there is no harm in this *in practice*, then encode
with split base32. ...
No, for two reasons. One is that RFC 5321 clearly says that case
folding is forbidden, and the mail world is very big.
And I have repeatedly asking for a single deployment where FOO != foo
and not heard a single answer back. On the other hand, virtual phone
keyboards autocapitalizationing is a real issue on about 4 billion phones.
generalizing from limited experience is never a good idea.
So is generalizing everyone elses experience on this list too.
No matter how you feel about RFC 5321, the lowercasing is needed. So we
have two options. One is to let the client to two queries, the other is
to store the local part encoded using a lower case call. If you say no
to both, the RFC won't state anything about this, and all the software
will send lowercase queries. It is the least desirable end result.
Also, to point out the obvious, this is just guessing that the mailbox
associated with BOB@blah is the same one as bob@blah.
Which 4 billion humans (give or take 1) and 4 billion phones assume.
If you _security_ depends on people remembering case differences, no
amount of encryption can save you. It is a hypothetical non-realistic
contrived use case for which I've repeatedly asked empirical evidence.
The other reason is EAI. Billions of people write their names in
UTF-8, not in ASCII, and they are going to have EAI mailboxes with
UTF-8 names. You cannot case fold UTF-8 unless you know what language
the name is written in, and often not unless you also know what
sub-version of the language, e.g., the rules for Canadian French are
different from the ones for French, Belgian, or Swiss French, and
often not even then. There's stuff like traditional and simplified
Chinese characters which are equivalent except when they aren't, and
which is the canonical version is a highly political question.
Someone with knowledge on what common virtual keyboards in those
languages do could help us and say if this is a problem, and if it is
required. One possibly solution is to only attempt lowercase on those
characters or languages where it makes sense, eg only on ASCII. Again,
the choice is to specify this in the RFC so everyone performs this
operational identically and we guarantee interoperability. Or we pretend
this problem does not exist, and every piece of software will do their
own lowercasing and we have interoperability issues.
As should be obvious, I think that trying to force mailbox names into
the DNS is a fundamentally bad idea, but the least bad way to do it is
a base32 encoding of the exact name to be looked up since, unlike the
other options, it at least allows for the possibility of a correct
implementation.
It is only the least bad way if you make the assumption that I've only
seen made by you. That case sensitive mailboxes exist in the real
(non-cardboard box) world.
Paul
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
