Open stewrg opened 6 years ago
bapril
commented
6 years ago This is a larger problem. The Trident platform case squashes all e-mail addresses down to lowercase. Technically rfc5321 tells us that the local part (username) should be treated as case sensitive. It's a minor added transgression to allow keys with any capitalization when we compare considering we are already case squashing the downward. Thanks!
morrowc
commented
6 years ago specifically 5321 section 2.4: "That is, a command verb, an argument value other than a mailbox local-part, and free form text MAY be encoded in upper case, lower case, or any mixture of upper and lower case with no impact on its meaning. The local-part of a mailbox MUST BE treated as case sensitive. Therefore, SMTP implementations MUST take care to preserve the case of mailbox local-parts. In particular, for some hosts, the user "smith" is different from the user "Smith". However, exploiting the case sensitivity of mailbox local-parts impedes interoperability and is discouraged. Mailbox domains follow normal DNS rules and are hence not case sensitive."
that's a bummer ;( but.. since we squash at ingress to the db on email addresses it's probably safe (here) to search case-insensitive in the db query for keys.
I have noted several users not being able to upload their PGP key. I have established that it is users who have created their PGP keys using capital letters rather than all lower case... and this means that the exported key differs from the expected key and is rejected by the Trident platform.
As a work-around, users need to go back to the software they used to generate their key pair - and follow the steps to add a second email address - but in fact enter their email all in lower case. When they export their public key it will be accepted by Trident.
Either:
Thanks