Thanks, Russ, inline

On Sat, Jun 27, 2020 at 05:27:46PM -0400, Russ Housley wrote:
> Brian:
> 
> >> I think Brian actually made my point.  While the filed contains an email 
> >> address, using it as such would result in a delivery failure.  The private 
> >> key holder cannot be reached by this address.
> > 
> > I don't see a requirement in RFC5280 that the email address in an 
> > rfc822name must be reachable, or that it must belong to the private key 
> > holder.
> 
> We seem to be interpreting RFC 5280, Sections 4.1.2.6 and 4.2.16 differently.
> 
> 4.1.2.6.  Subject
> 
>    The subject field identifies the entity associated with the public
>    key stored in the subject public key field.  The subject name MAY be
>    carried in the subject field and/or the subjectAltName extension.  ...

Yep. For the purpose of ACP, we use rfc822Name, but the entity may also
get other names from the registrar/CA, such as any pre-existing, however
formatted, SN.

> 4.2.1.6.  Subject Alternative Name
> 
>    ...
> 
>    When the subjectAltName extension contains an Internet mail address,
>    the address MUST be stored in the rfc822Name.

Yes. ACP does that.

>    The format of an
>    rfc822Name is a "Mailbox" as defined in Section 4.1.2 of [RFC2821].
>    A Mailbox has the form "Local-part@Domain".

Yes. ACP does that.

>    Note that a Mailbox has
>    no phrase (such as a common name) before it, has no comment (text
>    surrounded in parentheses) after it, and is not surrounded by "<" and
>    ">".  Rules for encoding Internet mail addresses that include
>    internationalized domain names are specified in Section 7.5.

Yes, ACP does that.

> Section 4.1.2 of RFC 2821 provides the ABNF for the Mailbox.

Yes, ACP matches that. Actually, when I did the ABNF, I had to go
through a couple of RFCs because 2821 was superseded, and I think I picked
as references the now normative one, but I have to go back and remember the details.
No actual change in the syntax AFAIK since rfc2821.

> RFC 2821 says:
> 
>    As used in this specification, an "address" is a character string
>    that identifies a user to whom mail will be sent or a location into
>    which mail will be deposited.  The term "mailbox" refers to that
>    depository. ...
> 
> So, the mailbox is the place that email gets sent to.

Do you think that this sentence makes an address of nore...@example.com
an invalid email address, given that it does not receive email?

And please do not conflate this discussion with the use in certificates;
your discussion points about rfc2821 do not consider any
certificate work, as rfc5280 does not attempt to redefine anything.

Would you also like to legislate what "user" means? E.g.: would
lamps-requ...@ietf.org be a valid email address in your reading, or does
a user have to be a human?

In any case: ACP email addresses can perfectly well have mailboxes.

You also did not reply to my examples about other systems where
email addresses are primarily used for non-mailbox purposes
but are still encoded in rfc822Name. I have seen no outlawing of
this practice through IETF documents.

Cheers
    Toerless

> Russ

-- 
---
t...@cs.fau.de

_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
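The disagreement above turns on what RFC 5280 Section 4.2.1.6 actually constrains for an rfc822Name: the encoding of the value as a Mailbox ("Local-part@Domain", with no phrase before it, no parenthesised comment after it, and no surrounding "<" and ">"), not whether mail sent to it would be delivered. The checker below is an added example written for this page; it is not code from the thread, from the ACP draft or from any IETF document. It implements those syntactic rules on top of a simplified form of the RFC 5321 Mailbox grammar (the successor of the RFC 2821 grammar quoted above; IPv6 and general address literals are omitted for brevity). All sample addresses, including the ACP-style one, are constructed for illustration.

```python
import re

# Simplified Mailbox grammar from RFC 5321 section 4.1.2 (successor of RFC 2821),
# which RFC 5280 section 4.2.1.6 requires for an rfc822Name:
#   Mailbox     = Local-part "@" ( Domain / address-literal )
#   Local-part  = Dot-string / Quoted-string
#   Dot-string  = Atom *("." Atom)
#   Domain      = sub-domain *("." sub-domain)
# Only the IPv4 address-literal form is modelled here (simplification).
ATEXT = r"[A-Za-z0-9!#$%&'*+\-/=?^_`{|}~]"
DOT_STRING = rf"{ATEXT}+(?:\.{ATEXT}+)*"
QUOTED_STRING = r'"(?:[\x20\x21\x23-\x5b\x5d-\x7e]|\\[\x20-\x7e])*"'
SUB_DOMAIN = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
DOMAIN = rf"{SUB_DOMAIN}(?:\.{SUB_DOMAIN})*"
IPV4_LITERAL = r"\[(?:\d{1,3}\.){3}\d{1,3}\]"
MAILBOX_RE = re.compile(
    rf"^(?:{DOT_STRING}|{QUOTED_STRING})@(?:{DOMAIN}|{IPV4_LITERAL})$"
)


def _outside_quotes(value: str) -> str:
    """Return the characters of value that lie outside any Quoted-string,
    honouring backslash escapes, so that structural checks (angle brackets,
    comments, whitespace) are not fooled by quoted local parts."""
    out, in_quote, i = [], False, 0
    while i < len(value):
        ch = value[i]
        if in_quote:
            if ch == "\\" and i + 1 < len(value):
                i += 2          # quoted-pair: skip the escaped character
                continue
            if ch == '"':
                in_quote = False
        elif ch == '"':
            in_quote = True
        else:
            out.append(ch)
        i += 1
    return "".join(out)


def check_rfc822name(value: str) -> list:
    """Return the RFC 5280 section 4.2.1.6 encoding violations found in a
    candidate rfc822Name. An empty list means the value is syntactically
    acceptable. Deliverability is deliberately not checked: RFC 5280 only
    constrains how the address is encoded in the SAN, not whether a mailbox
    behind it accepts mail."""
    problems = []
    bare = _outside_quotes(value)
    if "<" in bare or ">" in bare:
        problems.append("address must not be surrounded by '<' and '>'")
    if "(" in bare or ")" in bare:
        problems.append("address must not carry a parenthesised comment")
    if re.search(r"\s", bare):
        problems.append("address must not carry a phrase (display name)")
    if not value.isascii():
        problems.append("non-ASCII characters: encode per RFC 5280 section 7.5")
    if bare.count("@") != 1:
        problems.append("exactly one '@' must separate Local-part and Domain")
    if not problems and not MAILBOX_RE.fullmatch(value):
        problems.append("value does not match the Mailbox grammar")
    return problems


def accepted_rfc822names(names) -> list:
    """Filter a list of SAN rfc822Name candidates down to those that pass."""
    return [n for n in names if not check_rfc822name(n)]


if __name__ == "__main__":
    # Constructed sample values (not from any real certificate).
    samples = [
        "noreply@example.com",                    # unreachable but well-formed
        "device-0001+routing@acp.example.com",    # ACP-style, non-mailbox use
        '"quoted local"@example.com',             # Quoted-string local part
        "user@[192.0.2.1]",                       # IPv4 address literal
        "Toerless Eckert <tte@example.com>",      # phrase + angle brackets
        "user@example.com (a comment)",           # trailing comment
        "user@example.com@other.example",         # two '@'
    ]
    for s in samples:
        print(f"{s!r}: {check_rfc822name(s) or 'OK'}")
```

The checker reports reasons rather than a bare boolean so that a certificate linting step can say which of the Section 4.2.1.6 rules a SAN entry breaks; note that an address that is perfectly well formed but has no mailbox behind it, as in the ACP case discussed above, passes without complaint, which is exactly the distinction the thread is about.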
