Open r10s opened 6 years ago
WinAuthFan
commented
6 years ago Another issue with gmail are the "plus tags". user@gmail.com and user+tag@gmail.com are the same.
Is there a way for DC to understand which addresses are the same? There is likely no way to do that in general, but you could do it for a few major email providers, like gmail -- that will affect a lot of people.
r10s
commented
6 years ago Is there a way for DC to understand which addresses are the same?
No, there is no special handling for such addresses.
testbird
commented
6 years ago The problem you first describe in this issue sounds like a configuration error in the client to me.
The + subaddresses are supported by many servers https://tools.ietf.org/html/rfc5233. These single account addresses could probably be striped by DC for autocrypt, or is that somehow insecure?
The more basic solution required for real aliases, cnames, shared key MUA cases etc. seems to be to allow (confirming) the same key for multiple addresses.
r10s
commented
6 years ago The problem you first describe in this issue sounds like a configuration error in the client to me.
yes, of course, but @gmail.com and @googlemail.com confusion happens easily, at least here in germany where google was not allowed to use "gmail" in the first place.
if a user types a user@gmail.com address into delta but has configured google to use user@googlemail.com, the Autocrypt key will be generated for user@gmail.com and the corresponding header will be added. When sending mails, Google replaces user@gmail.com by user@googlemail.com - and the Autocrypt key do not match by definition.
I think this issue should not be mixed with other issues the +addresses may have - afaik they are not changed by google on outgoing messages, so at least this problem should not appear.
testbird
commented
6 years ago I see. Maybe the setup code could check the "Sent" folder and if it finds other addresses show a question which email address should be used, including the currently smpt login name config?
EDIT: It should work generally, for multi-address mailbox providers.
r10s
commented
6 years ago my rough idea was to send a testing mail on configuration.
testbird
commented
6 years ago Yes, that's good to find out the current server default.
The Autocrypt key will be configured for the E-Mail-Address given to dc_configure(). If the SMTP-server changes the address on sending, the receiver will get a bad Autocrypt key (seen on gmail when a user@gmail.com was configured in Delta an user@googlemail.com on the google server)
While this is okay in general (the key will just not be used) it comes to Errors when QR-code-verification, that relies on Autocrypt for key exchange, comes to play.