Alexey wrote: [...] > Ok, let me try to elaborate on my review and why I wrote what I wrote. I was > talking specifically about IMAP/POP/SMTP usernames (passwords are > another story). Many email servers support all of the three protocols and > use the same identity format in all three. For a given email address the > corresponding user identity is either the left hand side of the email address > and/or the whole email address. (This isn't documented anywhere, but it is > one of the things that all email implementors need to know.) The domain > part (if included) is case-insensitive. SMTP (RFC > 5321) says that the left hand side is case sensitive. In practice this > restriction > turned out to be quite problematic in real deployments (because humans > just don't pay attention to case sometimes) and most of the systems I know > of treat left hand sides as case sensitive.
Did you mean to say sensitive or insensitive above? > However until and unless an > update to RFC 5321 declares that all left hand sides of email addresses are > case insensitive, we can't say that left hand sides are always case > insensitive, > as some systems might rely on case sensitivity of left hand sides. > > Does this help? Yes, it clarifies that currently it's Indefinite, and hence dangerous to use for many security purposes. (And btw simply declaring that something is case insensitive but not restricted to ASCII, is also Indefinite.) Thanks! -Dave _______________________________________________ precis mailing list [email protected] https://www.ietf.org/mailman/listinfo/precis
