IETF Logo Mail Archive

Re: revised "generic syntax" and "data:" internet drafts

Jonathan Rosenne <Jonathan_Rosenne@compuserve.com> Fri, 04 April 1997 13:54 UTC

Received: from cnri by ietf.org id aa13555; 4 Apr 97 8:54 EST
Received: from services.Bunyip.Com by CNRI.Reston.VA.US id aa08962; 4 Apr 97 8:54 EST
Received: (from daemon@localhost) by services.bunyip.com (8.8.5/8.8.5) id IAA22869 for uri-out; Fri, 4 Apr 1997 08:01:30 -0500 (EST)
Received: from mocha.bunyip.com (mocha.Bunyip.Com [192.197.208.1]) by services.bunyip.com (8.8.5/8.8.5) with SMTP id IAA22864 for <uri@services.bunyip.com>; Fri, 4 Apr 1997 08:01:27 -0500 (EST)
Received: from dub-img-5.compuserve.com by mocha.bunyip.com with SMTP (5.65a/IDA-1.4.2b/CC-Guru-2b) id AA27920 (mail destined for uri@services.bunyip.com); Fri, 4 Apr 97 08:01:26 -0500
Received: by dub-img-5.compuserve.com (8.6.10/5.950515) id IAA12681; Fri, 4 Apr 1997 08:00:55 -0500
Date: Fri, 04 Apr 1997 08:00:29 -0500
From: Jonathan Rosenne <Jonathan_Rosenne@compuserve.com>
Subject: Re: revised "generic syntax" and "data:" internet drafts
To: IETF URI list <uri@bunyip.com>, URL List <ietf-url@imc.org>
Message-Id: <199704040800_MC2-13C3-2D43@compuserve.com>
Sender: owner-uri@bunyip.com
Precedence: bulk

>>  > I think the ":<password>" should be removed from the default Internet
> > > component.  Otherwise you encourage plaintext passwords (people will
use
> > > them anyway if really necessary).
> > 
> > This isn't the "default" Internet component, it is the "generic"
Internet
> > component. And the security considerations section says:
> > 
> >    It is clearly unwise to use a URL that contains a password which is
> >    intended to be secret.
> > 
> > Need it say more?
> 
> No.  It needs to say less.  Don't even bother suggesting a syntax for
> cleartext passwords -- it's not useful in the "generic" case.

Please note that in any case, even when one uses a "password" input field
in a form, in most cases in practice the password is transmitted over the
wire in clear. So I don't see what is so wrong about having it in the URL.

Jonathan Rosenne
JR Consulting
P O Box 33641, Tel Aviv, Israel
Phone: +972 50 246 522   Fax: +972 9 956 7353
http://ourworld.compuserve.com/homepages/Jonathan_Rosenne

v2.23.0 | Report a Bug | By Email