On Sun, Jun 21, 2020 at 12:28:25PM -0400, Michael Richardson wrote:
> 
> Russ Housley <hous...@vigilsec.com> wrote:
>     > One cannot send email to the character string in this specification, so
>     > it should not be carried in the rfc822name.
> 
> You can send email to that character string if you configure the MX.
> It was designed specifically to accommodate that.
> 
> I objected at the time: I thought it was a stupid feature, that no sensible
> IKEv2 daemon was going to have to send/receive email.
> 
> But, Toerless was paranoid that if we did anything at all out of the
> ordinary, that the corporate CA people, in order to protect their fiefdom,
> would freak out and throw some huge roadblock in the way of deploying the ACP.

I note that the -24 discusses creating a single mailbox rfcSELF@<domain>,
which receives mail for *all* ACP identities in the domain, yet we are
in other parts of the document claiming that these identities are distinct
and in many cases will be granted different authorizations.  If these
identities are supposed to be equivalent in the "RFC 822" sense, then it
seems inconsistent to use the rfc822Name field (which sees them as
equivalent) yet treat them as distinct entities.

-Ben

_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
