Re: Injection-Info issues
Frank Ellermann <nobody@xyzzy.claranet.de> Tue, 07 June 2005 01:14 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA11902 for <usefor-archive@lists.ietf.org>; Mon, 6 Jun 2005 21:14:08 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j571Co8S088915 for <ietf-usefor-skb@above.proper.com>; Mon, 6 Jun 2005 18:12:50 -0700 (PDT) (envelope-from owner-ietf-usefor@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j571Cn2f088914 for ietf-usefor-skb; Mon, 6 Jun 2005 18:12:49 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-usefor@mail.imc.org using -f
Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j571CkRu088907 for <ietf-usefor@imc.org>; Mon, 6 Jun 2005 18:12:47 -0700 (PDT) (envelope-from usenet-format@gmane.org)
Received: from list by ciao.gmane.org with local (Exim 4.43) id 1DfSZv-0005NH-Pg for ietf-usefor@imc.org; Tue, 07 Jun 2005 03:08:27 +0200
Received: from 62.80.58.39 ([62.80.58.39]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for <ietf-usefor@imc.org>; Tue, 07 Jun 2005 03:08:27 +0200
Received: from nobody by 62.80.58.39 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for <ietf-usefor@imc.org>; Tue, 07 Jun 2005 03:08:27 +0200
X-Injected-Via-Gmane: http://gmane.org/
To: ietf-usefor@imc.org
From: Frank Ellermann <nobody@xyzzy.claranet.de>
Subject: Re: Injection-Info issues
Date: Tue, 07 Jun 2005 03:09:16 +0200
Organization: <URL:http://purl.net/xyzzy>
Lines: 72
Message-ID: <42A4F3BC.3FE5@xyzzy.claranet.de>
References: <IHGr56.L6z@clerew.man.ac.uk> <429F43A1.355D@xyzzy.claranet.de> <IHIJrA.4AA@clerew.man.ac.uk> <42A0F368.73F3@xyzzy.claranet.de> <IHoDrL.qM@clerew.man.ac.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Complaints-To: usenet@sea.gmane.org
X-Gmane-NNTP-Posting-Host: 62.80.58.39
X-Mailer: Mozilla 3.0 (OS/2; U)
Sender: owner-ietf-usefor@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-usefor/mail-archive/>
List-Unsubscribe: <mailto:ietf-usefor-request@imc.org?body=unsubscribe>
List-ID: <ietf-usefor.imc.org>
Content-Transfer-Encoding: 7bit
Charles Lindsey wrote: > the IANA registry for each media type includes details > of all the parameters appropriate for that media type. Checking draft-lilly-text-troff-04.txt and RfC 3676, yes, it does. > we have not proposed an IANA Registry for Injection-Info > parameters (thoug we could if we were so minded). Not at the moment. Add authentication= with a reference to the new NNTPauth, Russ said that this is a good idea. Alexey would warn us if NNTPauth is blocked. > Which means that <attribute>s are different from <token>s, > which is what I said. That didn't change "x-", 2045 had attribute := token, and x-token is a special case of extension-token unrelated to attribute. x-token is only used in mechanism (7bit, 8bit, etc.), in subtype, and in type (indirectly), not in any parameter. Maybe I should test x-9bit for the nonets in RfC 4042. > 2045 most certainly did "strange things" with <x-token>s, > and <attribute>s inherit those same "strange things". In my copy <attribute> comes nowhere near to any <x-token>, <extension-token>, <iana-token>, or <ietf-token>. It's in "appendix A - collected grammar", the last three pages. "x-attribute" does not exist, it's a hallucination. If you say that you want to create it from scratch it's fine, you could use the SPF trick. Or merge it with 2231 <shudder /> > You just tell people that, if they post through your server, > then the Injection-Info header will identify them. If they > don't like that, then they have to go to a different server. > That is the EU law (slightly simplified, I grant you). Anoymous and pseudonumous access is a right in a German law, and the threads discussing this issue put together in a row are worse than our "Re: ferences" here. I'm not directly affected, my favourite server is news.clara.net in the UK ;-) > In general, the Americans are less squeamish :-( . They can't spell privacy without a dictionary. They don't understand why any @gmail address is begging for a *PLONK*. > That vulnerability is nothing to do with RFC 2231. It's about MIME, and this part of the debate was about USEFOR 2.3 "MIME Conformance": | User agents MUST meet the definition of MIME-conformance in | [RFC2049] and MUST also support [RFC2231]. 2049 is "minimal MIME conformance", 2231 did not update 2049. Anyway, for USEFOR we need security considerations about 2231: MIME security considerations are discussed in [RFC2046]. Note that applying some [RFC2231] extensions for parameters like multi-line paramters on a boundary parameter as defined in [RFC2046] might be abused to bypass simple algorithms trying to analyze MIME parts. That's all. Bye, Frank
- Injection-Info issues Charles Lindsey
- Re: Injection-Info issues Russ Allbery
- Re: Injection-Info issues Frank Ellermann
- Re: Injection-Info issues Charles Lindsey
- Re: Injection-Info issues Russ Allbery
- Re: Injection-Info issues Bruce Lilly
- Re: Injection-Info issues Charles Lindsey
- Re: Injection-Info issues Frank Ellermann
- Re: Injection-Info issues Frank Ellermann
- Re: Injection-Info issues Charles Lindsey
- Re: Injection-Info issues Charles Lindsey
- Re: Injection-Info issues Charles Lindsey
- Re: Injection-Info issues Russ Allbery
- Re: Injection-Info issues Frank Ellermann
- Re: Injection-Info issues Harald Tveit Alvestrand
- Re: Injection-Info issues Charles Lindsey
- Re: Injection-Info issues Russ Allbery
- Re: Injection-Info issues Frank Ellermann
- Re: Injection-Info issues Frank Ellermann
- Re: Injection-Info issues Charles Lindsey
- Re: Injection-Info issues Bruce Lilly
- security considerations (was: Injection-Info issu… Frank Ellermann
- security considerations (was: Injection-Info issu… Frank Ellermann
- Re: security considerations Frank Ellermann
- Re: security considerations (was: Injection-Info … Bruce Lilly
- Re: security considerations Frank Ellermann
- Re: security considerations Bruce Lilly
- Re: security considerations Frank Ellermann