Dave Thaler wrote:
Alexey wrote:
[...]
Ok, let me try to elaborate on my review and why I wrote what I wrote. I was
talking specifically about IMAP/POP/SMTP usernames (passwords are
another story). Many email servers support all of the three protocols and
use the same identity format in all three. For a given email address the
corresponding user identity is either the left hand side of the email address
and/or the whole email address. (This isn't documented anywhere, but it is
one of the things that all email implementors need to know.) The domain
part (if included) is case-insensitive. SMTP (RFC
5321) says that the left hand side is case sensitive. In practice this
restriction
turned out to be quite problematic in real deployments (because humans
just don't pay attention to case sometimes) and most of the systems I know
of treat left hand sides as case sensitive.
Did you mean to say sensitive or insensitive above?
Right, I meant "case insensitive" in the last quoted sentence.
However until and unless an
update to RFC 5321 declares that all left hand sides of email addresses are
case insensitive, we can't say that left hand sides are always case insensitive,
as some systems might rely on case sensitivity of left hand sides.
Does this help?
Yes, it clarifies that currently it's Indefinite, and hence dangerous to use
for many security purposes.
(And btw simply declaring that something is case insensitive but not restricted
to ASCII, is also Indefinite.)
_______________________________________________
precis mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/precis
