- From: Martin Duerst <duerst@w3.org>
- Date: Wed, 21 Nov 2001 16:37:36 +0900
- To: John C Klensin <klensin@jck.com>, discuss@apps.ietf.org
I don't have much to add here, except to very clearly point out that URIs are about much more than only 'just click here'. Regards, Martin. At 16:01 01/11/19 -0500, John C Klensin wrote: >Hi. > >Patrik suggested that I post these notes back to this list. > >Quick summary: TFTP, while useful for some purposes, is not, by >a wide margin, our best example of operationally- or >security-conscious protocol design. It should not be used >except under carefully-constrained and controlled circumstances >(the RFCs on it say that). Consequently, unless there is a very >strong argument showing why we need a URL type for it, one of >those (or anything else that encourages "just click here" or >"just execute that line" use should be avoided. Obviously, we >know how to do a URL for it, but the fact that we can doesn't >indicate that we should. > >Just my opinion, but I'm happy to show scars and tell war >stories if needed. > > john
Received on Wednesday, 21 November 2001 04:20:02 UTC