Re: revised "generic syntax" and "data:" internet drafts
Jonathan Rosenne <Jonathan_Rosenne@compuserve.com> Fri, 04 April 1997 13:54 UTC
Received: from cnri by ietf.org id aa13555; 4 Apr 97 8:54 EST
Received: from services.Bunyip.Com by CNRI.Reston.VA.US id aa08962; 4 Apr 97 8:54 EST
Received: (from daemon@localhost) by services.bunyip.com (8.8.5/8.8.5) id IAA22869 for uri-out; Fri, 4 Apr 1997 08:01:30 -0500 (EST)
Received: from mocha.bunyip.com (mocha.Bunyip.Com [192.197.208.1]) by services.bunyip.com (8.8.5/8.8.5) with SMTP id IAA22864 for <uri@services.bunyip.com>; Fri, 4 Apr 1997 08:01:27 -0500 (EST)
Received: from dub-img-5.compuserve.com by mocha.bunyip.com with SMTP (5.65a/IDA-1.4.2b/CC-Guru-2b) id AA27920 (mail destined for uri@services.bunyip.com); Fri, 4 Apr 97 08:01:26 -0500
Received: by dub-img-5.compuserve.com (8.6.10/5.950515) id IAA12681; Fri, 4 Apr 1997 08:00:55 -0500
Date: Fri, 04 Apr 1997 08:00:29 -0500
From: Jonathan Rosenne <Jonathan_Rosenne@compuserve.com>
Subject: Re: revised "generic syntax" and "data:" internet drafts
To: IETF URI list <uri@bunyip.com>, URL List <ietf-url@imc.org>
Message-Id: <199704040800_MC2-13C3-2D43@compuserve.com>
Sender: owner-uri@bunyip.com
Precedence: bulk
>> > I think the ":<password>" should be removed from the default Internet > > > component. Otherwise you encourage plaintext passwords (people will use > > > them anyway if really necessary). > > > > This isn't the "default" Internet component, it is the "generic" Internet > > component. And the security considerations section says: > > > > It is clearly unwise to use a URL that contains a password which is > > intended to be secret. > > > > Need it say more? > > No. It needs to say less. Don't even bother suggesting a syntax for > cleartext passwords -- it's not useful in the "generic" case. Please note that in any case, even when one uses a "password" input field in a form, in most cases in practice the password is transmitted over the wire in clear. So I don't see what is so wrong about having it in the URL. Jonathan Rosenne JR Consulting P O Box 33641, Tel Aviv, Israel Phone: +972 50 246 522 Fax: +972 9 956 7353 http://ourworld.compuserve.com/homepages/Jonathan_Rosenne
- revised "generic syntax" and "data:" internet dra… Larry Masinter
- Re: revised "generic syntax" and "data:" internet… Chris Newman
- Re: revised "generic syntax" and "data:" internet… Martin J. Duerst
- Re: revised "generic syntax" and "data:" internet… Edward Cherlin
- Re: revised "generic syntax" and "data:" internet… Larry Masinter
- Re: revised "generic syntax" and "data:" internet… Larry Masinter
- Re: revised "generic syntax" and "data:" internet… Chris Newman
- Re: revised "generic syntax" and "data:" internet… Martin J. Duerst
- Re: revised "generic syntax" and "data:" internet… Larry Masinter
- Re: revised "generic syntax" and "data:" internet… Jonathan Rosenne
- Re: revised "generic syntax" and "data:" internet… Edward Cherlin
- Re: revised "generic syntax" and "data:" internet… Larry Masinter
- Re: revised "generic syntax" and "data:" internet… Martin J. Duerst
- Re: revised "generic syntax" and "data:" internet… Larry Masinter
- Re: revised "generic syntax" and "data:" internet… Roy T. Fielding
- Re: revised "generic syntax" and "data:" internet… Dan Oscarsson
- Re: revised "generic syntax" internet draft Martin J. Duerst
- Re: revised "generic syntax" internet draft Roy T. Fielding
- Re: revised "generic syntax" internet draft Edward Cherlin
- Re: revised "generic syntax" internet draft Harald.T.Alvestrand
- Re: revised "generic syntax" internet draft Martin J. Duerst