Re: revised "generic syntax" and "data:" internet drafts
Larry Masinter <masinter@parc.xerox.com> Fri, 04 April 1997 01:09 UTC
Received: from cnri by ietf.org id aa23616; 3 Apr 97 20:09 EST
Received: from services.Bunyip.Com by CNRI.Reston.VA.US id aa24626; 3 Apr 97 20:09 EST
Received: (from daemon@localhost) by services.bunyip.com (8.8.5/8.8.5) id TAA16011 for uri-out; Thu, 3 Apr 1997 19:51:46 -0500 (EST)
Received: from mocha.bunyip.com (mocha.Bunyip.Com [192.197.208.1]) by services.bunyip.com (8.8.5/8.8.5) with SMTP id TAA16006 for <uri@services.bunyip.com>; Thu, 3 Apr 1997 19:51:43 -0500 (EST)
Received: from alpha.Xerox.COM by mocha.bunyip.com with SMTP (5.65a/IDA-1.4.2b/CC-Guru-2b) id AA25873 (mail destined for uri@services.bunyip.com); Thu, 3 Apr 97 19:51:41 -0500
Received: from casablanca.parc.xerox.com ([13.2.16.111]) by alpha.xerox.com with SMTP id <19023(4)>; Thu, 3 Apr 1997 13:53:34 PST
Received: from bronze.parc.xerox.com ([13.1.100.114]) by casablanca.parc.xerox.com with SMTP id <72043>; Thu, 3 Apr 1997 13:53:28 PST
Message-Id: <334426D5.600F@parc.xerox.com>
Date: Thu, 03 Apr 1997 13:53:25 -0800
From: Larry Masinter <masinter@parc.xerox.com>
Reply-To: masinter@parc.xerox.com
Organization: PARC
X-Mailer: Mozilla 3.01Gold (Win95; I)
Mime-Version: 1.0
To: Chris Newman <Chris.Newman@innosoft.com>
Cc: IETF URI list <uri@bunyip.com>, ietf-url@imc.org
Subject: Re: revised "generic syntax" and "data:" internet drafts
References: <Pine.SOL.3.95.970402171120.2607A-100000@eleanor.innosoft.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-uri@bunyip.com
Precedence: bulk
Chris, I use cleartext passwords all the time, for things that aren't actually 'secret'. I can't see dropping something from the generic syntax which is deployed and widely used, when it WAS in the proposed standard. I do believe that the security considerations should be explicit about when it is and isn't appropriate to rely on that feature. > > I think the ":<password>" should be removed from the default Internet > > > component. Otherwise you encourage plaintext passwords (people will use > > > them anyway if really necessary). > > > > This isn't the "default" Internet component, it is the "generic" Internet > > component. And the security considerations section says: > > > > It is clearly unwise to use a URL that contains a password which is > > intended to be secret. > > > > Need it say more? > > No. It needs to say less. Don't even bother suggesting a syntax for > cleartext passwords -- it's not useful in the "generic" case. There is no "generic" case. There is a generic syntax, and then there are instances of the generic syntax. cleartext passwords are useful in some instances and dangerous (but presumably also useful) in others. I think it is important to separate syntax and semantics from rules about applicability and advice about use. -- http://www.parc.xerox.com/masinter
- revised "generic syntax" and "data:" internet dra… Larry Masinter
- Re: revised "generic syntax" and "data:" internet… Chris Newman
- Re: revised "generic syntax" and "data:" internet… Martin J. Duerst
- Re: revised "generic syntax" and "data:" internet… Edward Cherlin
- Re: revised "generic syntax" and "data:" internet… Larry Masinter
- Re: revised "generic syntax" and "data:" internet… Larry Masinter
- Re: revised "generic syntax" and "data:" internet… Chris Newman
- Re: revised "generic syntax" and "data:" internet… Martin J. Duerst
- Re: revised "generic syntax" and "data:" internet… Larry Masinter
- Re: revised "generic syntax" and "data:" internet… Jonathan Rosenne
- Re: revised "generic syntax" and "data:" internet… Edward Cherlin
- Re: revised "generic syntax" and "data:" internet… Larry Masinter
- Re: revised "generic syntax" and "data:" internet… Martin J. Duerst
- Re: revised "generic syntax" and "data:" internet… Larry Masinter
- Re: revised "generic syntax" and "data:" internet… Roy T. Fielding
- Re: revised "generic syntax" and "data:" internet… Dan Oscarsson
- Re: revised "generic syntax" internet draft Martin J. Duerst
- Re: revised "generic syntax" internet draft Roy T. Fielding
- Re: revised "generic syntax" internet draft Edward Cherlin
- Re: revised "generic syntax" internet draft Harald.T.Alvestrand
- Re: revised "generic syntax" internet draft Martin J. Duerst