[Tickets #14321] Re: PGP Key-IDs should be compared in a case-insensitive way

noreply at bugs.horde.org noreply at bugs.horde.org
Fri Apr 8 11:24:40 UTC 2016 

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: https://bugs.horde.org/ticket/14321
------------------------------------------------------------------------------
  Ticket             | 14321
  Updated By         | mike.gabriel at das-netzwerkteam.de
  Summary            | PGP Key-IDs should be compared in a case-insensitive
                     | way
  Queue              | Horde Framework Packages
  Type               | Bug
  State              | Not A Bug
  Priority           | 1. Low
  Milestone          |
  Patch              | 1
  Owners             |
------------------------------------------------------------------------------


mike.gabriel at das-netzwerkteam.de (2016-04-08 11:24) wrote:

Hi Jan,

> Even though those two email addresses may be the same on your  
> system, they are different addresses by definition. While the domain  
> part of an email address is case insensitive, the user part is not.  
> It would be more correct to use Horde_Mail_Rfc822_Address::match()  
> to verify

RFC 2822, I presume...

> the address, but that wouldn't solve your problem.

This is a valid point, however, most keyserver implementations don't  
see and neither handle it that way.

You may want to search for you own public PGP key (or mine) with  
different variations of email address spelling (regarding  
upper-lower-case combinations) and you will always retrieve the same  
key information:
http://sks.pkqs.net/

Similar with the gpg command line client.

  Please also note, that in GPG/PGP a "User ID" can be any UTF-8  
string representation  [1], but should mostly be the user's full name  
and email address (plus optionally a comment).

So after 30min of search on the net, reading some RFCs and the GnuPG  
handbook, I cannot find any hint of case-(in)sensivity regarding GPG's  
User ID packet.

Only thing I can provide is best practice experience, and this end up:  
mail addresses in User ID packets should be considered as case  
insensitive.

Thanks+Greets,
Mike

[1] https://tools.ietf.org/html/rfc4880#section-5.11

More information about the bugs mailing list