local part of e-mail addresses (was: TOFU Design)

Neal H. Walfield neal at walfield.org
Tue Jul 21 13:24:42 CEST 2015


At Mon, 20 Jul 2015 18:50:35 -0700,
Claus Assmann wrote:
> 
> On Mon, Jul 20, 2015, Simon Josefsson wrote:
> > "Neal H. Walfield" <neal at walfield.org> writes:
> 
> > > In conclusion: I think we should just use the regularized email
> > > address
> 
> > I agree.  Remember that the local part is not case sensitive.
> 
> Wrong... the interpretation of the local part is subject to
> the rules of the final destination.
> 
> RFC 2821             Simple Mail Transfer Protocol            April 2001
> ...
> 2.3.10 Mailbox and Address
> ...
>    applications than simple "user names".  Consequently, and due to a
>    long history of problems when intermediate hosts have attempted to
>    optimize transport by modifying them, the local-part MUST be
>    interpreted and assigned semantics only by the host specified in the
>    domain part of the address.
> 
> 
> See also the discussions on the DANE lists about looking up e-mail
> addresses for PGP and S/MIME keys -- there's always a large
> disagreement.

This is a good point.  However, I think in this case, it makes sense
to regularize the local part as well.  Imagine an attacker creates a
key with the email address Neal at walfield.org and my key has
neal at walfield.org.  If you already have a TOFU entry for my key and
then you get an email signed with the bad key, then not regularizing
the email address will result in gpg prompting the user to create a
new TOFU entry.  On the other hand, if we regularize the email
address, then GnuPG will detect a conflict.  Of course, this
introduces a potential for false positives.  However, I think it is
extremely rare that email addresses like neal at walfield.org and
Neal at walfield.org are distinct.  Thus, I think in this case,
regularizing is the right approach.

Thanks!

:) Neal
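
The scenario in the message above, as an added example that is not part of the original post and is not GnuPG's code: a toy TOFU binding store run once without and once with local-part regularization. The class and function names, the example.org addresses and the FPR-* fingerprints are constructed, and "regularize" is assumed here to mean case-folding the local part.

```python
from enum import Enum

class Verdict(Enum):
    NEW_BINDING = "new"    # address never seen: user is asked to create a TOFU entry
    KNOWN = "known"        # same key as already recorded for this address
    CONFLICT = "conflict"  # address already bound to a different key

def split_addr(addr):
    """Split addr into (local, domain); the domain is always lowercased."""
    local, sep, domain = addr.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {addr!r}")
    return local, domain.lower()

class TofuStore:
    """Hypothetical TOFU database: lookup key -> set of key fingerprints seen."""

    def __init__(self, fold_local):
        self.fold_local = fold_local
        self.bindings = {}

    def lookup_key(self, addr):
        local, domain = split_addr(addr)
        if self.fold_local:
            local = local.casefold()  # assumed regularization of the local part
        return f"{local}@{domain}"

    def observe(self, addr, fingerprint):
        seen = self.bindings.setdefault(self.lookup_key(addr), set())
        if not seen:
            verdict = Verdict.NEW_BINDING
        elif fingerprint in seen:
            verdict = Verdict.KNOWN
        else:
            verdict = Verdict.CONFLICT
        seen.add(fingerprint)  # record the binding either way so it can be reviewed
        return verdict

# Constructed sample: two mails from the known key, then one signed by a
# different key whose user ID differs only in the case of the local part.
SAMPLE = [
    ("neal@example.org", "FPR-A"),
    ("neal@example.org", "FPR-A"),
    ("Neal@example.org", "FPR-B"),
]

def demo(fold_local):
    store = TofuStore(fold_local)
    return [store.observe(addr, fpr) for addr, fpr in SAMPLE]
```

With `fold_local=False` the third message is filed as a fresh binding; with `fold_local=True` it is reported as a conflict, which is also what would happen for two mailboxes that really are distinct and differ only in case.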


