Thanks, Russ, inline

On Sat, Jun 27, 2020 at 05:27:46PM -0400, Russ Housley wrote:
> Brian:
>
> >> I think Brian actually made my point. While the field contains an email
> >> address, using it as such would result in a delivery failure. The private
> >> key holder cannot be reached by this address.
> >
> > I don't see a requirement in RFC5280 that the email address in an
> > rfc822name must be reachable, or that it must belong to the private key
> > holder.
>
> We seem to be interpreting RFC 5280, Sections 4.1.2.6 and 4.2.1.6 differently.
>
> 4.1.2.6. Subject
>
>    The subject field identifies the entity associated with the public
>    key stored in the subject public key field. The subject name MAY be
>    carried in the subject field and/or the subjectAltName extension. ...

Yep. For the purpose of ACP, we use rfc822Name, but the entity may also get
other names from the registrar/CA, such as any pre-existing, however formatted SN.

> 4.2.1.6. Subject Alternative Name
>
> ...
>
>    When the subjectAltName extension contains an Internet mail address,
>    the address MUST be stored in the rfc822Name.

Yes. ACP does that.

>    The format of an
>    rfc822Name is a "Mailbox" as defined in Section 4.1.2 of [RFC2821].
>    A Mailbox has the form "Local-part@Domain".

Yes. ACP does that.

>    Note that a Mailbox has
>    no phrase (such as a common name) before it, has no comment (text
>    surrounded in parentheses) after it, and is not surrounded by "<" and
>    ">". Rules for encoding Internet mail addresses that include
>    internationalized domain names are specified in Section 7.5.

Yes, ACP does that.

> Section 4.1.2 of RFC 2821 provides the ABNF for the Mailbox.

Yes, ACP matches that. Actually, when I did the ABNF, I had to go through a
couple of RFCs because 2821 was superseded, and I think I picked the now
normative one as the reference, but I have to go back and remember the details.
No actual change in the syntax AFAIK since RFC 2821.

> RFC 2821 says:
>
>    As used in this specification, an "address" is a character string
>    that identifies a user to whom mail will be sent or a location into
>    which mail will be deposited. The term "mailbox" refers to that
>    depository. ...
>
> So, the mailbox is the place that email gets sent to.

Do you think that this sentence makes an address of nore...@example.com an
invalid email address, given how it does not receive email? And please do not
conflate this discussion with the use in certificates; your discussion points
about RFC 2821 do not consider any certificate work, as RFC 5280 does not
attempt to redefine anything.

Would you also like to legislate what "user" means? E.g.: is
lamps-requ...@ietf.org a valid email address in your reading, or does a user
have to be a human?

In any case: ACP email addresses can perfectly well have mailboxes.

You also did not reply to my examples about other systems where email
addresses are primarily used for non-mailbox purposes but are still encoded in
rfc822Name. I have seen no outlawing of this practice through IETF documents.

Cheers
    Toerless

> Russ

--
---
t...@cs.fau.de

_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
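As an added illustration (not part of the thread, the ACP drafts or any IETF document), here is a syntax check for the rfc822Name constraint that the quoted text of RFC 5280 Section 4.2.1.6 imposes: the value must be a Mailbox, i.e. Local-part@Domain with no display-name phrase, no parenthesised comment and no angle brackets, and IDN labels must be carried as A-labels (Section 7.5). The code uses only the Python standard library and transcribes the Mailbox grammar from RFC 5321, which replaced RFC 2821 without changing that production. The sample addresses are constructed for the example, and leaving out address literals such as user@[192.0.2.1] is a simplification of this example, not something RFC 5280 requires.

```python
"""Syntax check for an X.509 rfc822Name GeneralName value (RFC 5280 4.2.1.6).

Added example, not code from the thread or from any ACP implementation.
The grammar is the RFC 5321 section 4.1.2 "Mailbox" production; address
literals (user@[192.0.2.1]) are deliberately not accepted here, which is an
assumption of this example.
"""
from __future__ import annotations

import re
from typing import Tuple

# RFC 5321 section 4.1.2: atext, Dot-string, Quoted-string, sub-domain, Domain
_ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]"
_DOT_STRING = rf"{_ATEXT}+(?:\.{_ATEXT}+)*"
# qtextSMTP (0x20-0x21, 0x23-0x5B, 0x5D-0x7E) or quoted-pairSMTP ("\" 0x20-0x7E)
_QUOTED_STRING = r'"(?:[\x20\x21\x23-\x5b\x5d-\x7e]|\\[\x20-\x7e])*"'
_SUB_DOMAIN = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_DOMAIN = rf"{_SUB_DOMAIN}(?:\.{_SUB_DOMAIN})*"
_MAILBOX = re.compile(
    rf"(?P<local>{_DOT_STRING}|{_QUOTED_STRING})@(?P<domain>{_DOMAIN})"
)


def check_rfc822name(value: str) -> Tuple[bool, str]:
    """Return (ok, reason) for a candidate rfc822Name.

    This is a purely syntactic check, which is all RFC 5280 asks for: whether
    the mailbox can receive mail is not part of the certificate profile.
    """
    m = _MAILBOX.fullmatch(value)
    if m is not None:
        # RFC 5321 section 4.5.3.1 size limits: 64 octets for the local-part,
        # 256 for a Path including its angle brackets, hence 254 for the Mailbox.
        if len(m.group("local")) > 64:
            return False, "local-part exceeds 64 octets"
        if len(value) > 254:
            return False, "mailbox exceeds 254 octets"
        return True, "ok"
    # The grammar already rejects the following; the branches only explain why,
    # in the terms RFC 5280 section 4.2.1.6 uses.
    if "<" in value or ">" in value:
        return False, "phrase or angle brackets are not permitted around an rfc822Name"
    if "(" in value or ")" in value:
        return False, "comments in parentheses are not permitted after the Mailbox"
    if not value.isascii():
        # RFC 5280 section 7.5: internationalized labels go in as A-labels (xn--...)
        return False, "non-ASCII characters; encode IDN labels as A-labels"
    return False, "does not match the RFC 5321 Mailbox grammar"


if __name__ == "__main__":
    # Constructed sample values; the first two would be accepted by a CA that
    # enforces only the RFC 5280 syntax, whatever their deliverability.
    samples = [
        "noreply@example.com",
        '"john doe"@example.com',
        "Toerless <t@example.com>",
        "t@example.com (Toerless)",
        "t@exämple.com",
        "a..b@example.com",
    ]
    for s in samples:
        ok, why = check_rfc822name(s)
        print(f"{s!r:32} -> {'valid' if ok else 'invalid'}: {why}")
```

The check deliberately stops at syntax: an address that never receives mail and an address with a working inbox look the same to it, and to a relying party parsing the SAN; any policy about reachability or about who "owns" the mailbox has to come from outside the RFC 5280 profile.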