AW: Web Key Directory handling of IDN

Jürgen Schäpker Juergen.Schaepker at
Mon Nov 7 16:00:31 CET 2016


>> The current draft WKD will only be able to find non-ASCII address
>> hashes by pure chance. MUAs can look for the hashes of
>> Öyvind at and öyvind at and only for one WKD
>> will return a result.

>And what does the mail server do? It is not clear to me at all that the
>mail server fares any better. Are you working here with a specific MTA
>application in mind that happens to misuse IDN for normalizing local
>parts? (IDN is for domain names, not other UTF-8 encoded data)

Please read up on

The following are all valid international email addresses:

  用户@例子.广告                 (Chinese, Unicode)
  उपयोगकर्ता@उदाहरण.कॉम           (Hindi, Unicode)
  юзер@екзампл.ком             (Ukrainian, Unicode)
  θσερ@εχαμπλε.ψομ             (Greek, Unicode)
  Dörte at Sö   (German, Unicode)

>Do you happen to know how some major MTA's (Exim, Postfix, Sendmail,
>Exchange[1]) handle this?

Apparently there are lots of MTAs that support it. There is a standard SMTPUTF8 in RFC 6531.

List of supporting servers

    Postfix (version 3.0 and later)[8]
    Momentum (versions 4.1[9] and 3.6.5, and later)
    Sendmail (Under development)
    Exim (experimental as of the 4.86 release)

>> Jürgen and jürgen convert to xn--jrgen-kva

 >I don't see your point. So I register the e-mail address xn--jrgen-kva
>instead of jurgen. It was just an example, the details are freely
>exchangeable and my point stands.

In other words: if the standard doesn't work in reality, change reality.


The standard must work in the context of other existing standards. People already use IDN email so the WKD standard must support it unless it is intended to be incompatible from the get-go.

It's not about registering an email address. In businesses most people are assigned addresses. And the concern is the lookup. A contact's email address might be typed in any upper/lower case combination. The MUA needs to be able to type in as search address any upper/lower case variant of DÖRTE.WhAtÄvÜö@ÖttÜ.com and still get the result for that address from the WKD.

>> No. Not if you don't control the redirecting server.

>Let's agree to disagree.

You can't successfully disagree with reality.

>> you cannot rely on finding a single god admin for all domains that
>> should be served by a single WKD.

>I don't follow this single admin line of thought. I simply do not know
>what you mean.

I don't think you are arguing honestly here. You can't imagine control issues in international companies with different IT departments in different countries?  You can't imagine a small office using a cheap webhoster that doesn't allow redirection the way you want?

I think you should remember that a standard should work in all scenarios, even those you personally have no experience with.

Best regards,

More information about the Gnupg-devel mailing list