[Cryptography] DIME // Pending Questions // Seeking Your Input

Hasan Diwan hasan.diwan at gmail.com
Sat Feb 28 14:33:10 EST 2015 

On 27 February 2015 at 08:08, Ladar Levison <ladar at lavabitllc.com> wrote:
>
>> 2. The current RFCs dictate that domain names are handled case
>> insensitively, while mailbox names (what goes in front of the @ symbol),
>> should be considered case sensitive. This behavior stems from the fact that
>> most early email systems ran atop Unix, which has a case sensitive file
>> system. Thus a capital letter in the mailbox would result in the email
>> server saving a message in a different file. These days email systems
>> generally operate case insensitively on mailbox names because of the
>> obvious implications associated with allowing email addresses which are
>> almost identical. The question is: *should DIME mandate mailbox names be
>> compared case insensitively?* Keep in mind that if names are considered
>> case sensitive, a capitalized letter could result in a server returning a
>> different signet (with different encryption keys)!
>>
>
> How would this work for languages like Arabic or Chinese, which have no
> notion of upper and lower case?
>
>
>>
>> 3. Somewhat related to the previous question, *should support for
>> international domain names and mailboxes (using UTF-8) be mandatory?* Or
>> should UTF-8 address support be optional? Systems without support for UTF-8
>> addresses would be forced to use the ASCII encoding scheme defined in the
>> current email RFCs. Sadly, I am not an expert on internationalization, and
>> the prospect of normalizing UTF-8 mailboxes and domains for comparison
>> operations could be complicated, error prone, and a potential source for
>> security problems. Do the benefits outweigh the drawbacks? (See RFCs 5890
>> and 6530 for a discussion of international mailboxes and domain names.)
>>
>
> Yes, it's about time.
>
-- 
OpenPGP: https://hasan.d8u.us/gpg.key
Sent from my mobile device
Envoyé de mon portable
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150228/0cf815e5/attachment.html>

More information about the cryptography mailing list