tantalic | 1 year ago

I am a bit surprised the proposal doesn't suggest using a hash (such as SHA-2) rather than directly passing the email address.

edent|1 year ago

That's a reasonable point. I was just modelling on how WebFinger works. A sufficiently secure hash might be sensible.

ArchOversight|1 year ago

You'd have to also specify a normalization procedure to make sure that email addresses are provided in the same format each time.

8organicbits|1 year ago

For anyone who thinks that may be a hand wave, there isn't a standard way to normalize email addresses. If you're building to the spec, then the local part can be processed case-sensitively, so Django lowercases the part after @ only. Others strip out stuff like Gmail's +tags and really get into the weeds of how different email providers process emails.

https://pypi.org/project/email-normalize/

https://stackoverflow.com/questions/9807909/are-email-addres...

dymk|1 year ago

They're aware of it, at least. They mention this is how Gravatar works.
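
An added example, not code from the thread or from any project mentioned in it: hashing an address with SHA-256 under three normalization policies discussed above, to show that client and server only agree on a digest if they agree on the policy. The function names, policy names and sample addresses are assumptions made up for this illustration.

```python
import hashlib

def _split(addr: str) -> tuple[str, str]:
    """Trim whitespace and split on the last '@'; reject input missing either part."""
    local, sep, domain = addr.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {addr!r}")
    return local, domain

def domain_only(addr: str) -> str:
    """Lowercase the domain only; the local part stays as typed (case-sensitive per spec)."""
    local, domain = _split(addr)
    return f"{local}@{domain.lower()}"

def lowercase_all(addr: str) -> str:
    """Lowercase the whole address."""
    local, domain = _split(addr)
    return f"{local.lower()}@{domain.lower()}"

def strip_plus_tag(addr: str) -> str:
    """Lowercase everything and drop a '+tag' suffix from the local part."""
    local, domain = _split(addr)
    base = local.split("+", 1)[0] or local  # keep a local part that is only '+tag'
    return f"{base.lower()}@{domain.lower()}"

# Hypothetical policy names for this example.
POLICIES = {
    "domain_only": domain_only,
    "lowercase_all": lowercase_all,
    "strip_plus_tag": strip_plus_tag,
}

def email_digest(addr: str, policy: str) -> str:
    """SHA-256 hex digest of the address after applying the named policy."""
    return hashlib.sha256(POLICIES[policy](addr).encode("utf-8")).hexdigest()

# Constructed sample input: three spellings a user might type for one mailbox.
SAMPLE_SPELLINGS = ["Alice@Example.COM", "alice@example.com", " alice+news@example.com "]

def distinct_digests(spellings: list[str]) -> dict[str, int]:
    """For each policy, count how many different digests the spellings produce."""
    return {name: len({email_digest(s, name) for s in spellings}) for name in POLICIES}

if __name__ == "__main__":
    for name, count in distinct_digests(SAMPLE_SPELLINGS).items():
        print(f"{name:15} -> {count} distinct digest(s)")
```

A lookup keyed on the digest treats each distinct digest as a different identity, so the policy has to be fixed by the specification rather than left to each implementation.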