On Tue, 10 Sep 2013, Paul Hoffman wrote:
On Sep 9, 2013, at 10:52 AM, Paul Wouters <[email protected]> wrote:
It was brought to my attention by Matthias Wimmer that we overlooked
an important issue with respect to the base32 generation of the base32
encoded left hand side of the email address.
"We" did not overlook that: as author, I made that decision completely
purposefully.
Perhaps documentation of that decision belonged in the Security Section
of that document? :)
Mail servers and mail clients do not treat email addresses as
case-insensitive.
That is sometimes-true statement.
When encoding an LHS with base32, the case matters.
Yes, exactly. And so does internationalization.
Using the wrong case will cause you to not find the SMIMEA / OPENPGPKEY
record.
Yep. And will cause you to sometimes send mail to the wrong recipient.
I'm really not okay with a protocol where I encrypt to the wrong key
based on the case of the email address.
We should probably add a section explaining this, and perhaps suggest to
lowercase before base32'ing the LHS for the lookup.
Yes; no.
[citation needed]
Paul
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
