local part of e-mail addresses

Neal H. Walfield neal at walfield.org
Sat Jul 25 18:16:08 CEST 2015


At Tue, 21 Jul 2015 14:24:42 +0200,
Werner Koch wrote:
> On Tue, 21 Jul 2015 13:24, neal at walfield.org said:
> > introduces a potential for false positives.  However, I think it is
> > extremely rare that email addresses like neal at walfield.org and
> > Neal at walfield.org are distinct.  Thus, I think in this case,
> > regularizing is the right approach.
> I concur.  People actually tend to change capitalization of mail
> addresses so that common MUA configurations ignore the case.
> GnuPG's PKA system hashes the local-part but downcases all plain ASCII
> characters first.  Characters with the MSB set are not touched and
> hashed verbatim.  The reason for that the latter is that the rules for
> changing the case of characters > 127 depend on the locale and are
> sometimes not correctly implemented if at all well defined.  This is all
> done on the UTF-8 encoding without any IDNA transformation.

I'm not familiar with this problem.  Here are my thoughts.  We want to
prevent attacks whereby an attacker creates a key that appears
legitimate, but does not trigger a conflict.  Concretely, if the
user's email address is:

  alice at example.org


  Alice at example.org

should result in a conflict.

Let's assume that 'A' maps to different lower case letters in
different locales (say, 'a' and 'b'):

  'A' -> 'a'
  'A' -> 'b'

Moreover, let's assume that other letters also sometimes map to 'a'
(say 'B'):

  'B' -> 'a'
  'B' -> 'b'

If we map all of these letters to one representative letter, say 'x',
then 'alice' maps to 'xlice' and 'Alice' maps to 'xlice' and we
correctly identify a conflict!

The tradeoff is that we increase the false positive rate (i.e., we
suggest there is a conflict where this is none).  But, if the
equivalent classes are relatively small, these should be manageable.



More information about the Gnupg-devel mailing list