W3C home > Mailing lists > Public > ietf-discuss@w3.org > November 2001

Re: TFTP URL

From: Martin Duerst <duerst@w3.org>
Date: Wed, 21 Nov 2001 16:37:36 +0900
Message-Id: <4.2.0.58.J.20011121163621.03cfb960@localhost>
To: John C Klensin <klensin@jck.com>, discuss@apps.ietf.org
I don't have much to add here, except to very clearly point
out that URIs are about much more than only 'just click here'.

Regards,  Martin.

At 16:01 01/11/19 -0500, John C Klensin wrote:
>Hi.
>
>Patrik suggested that I post these notes back to this list.
>
>Quick summary:  TFTP, while useful for some purposes, is not, by
>a wide margin, our best example of operationally- or
>security-conscious protocol design.  It should not be used
>except under carefully-constrained and controlled circumstances
>(the RFCs on it say that).  Consequently, unless there is a very
>strong argument showing why we need a URL type for it, one of
>those (or anything else that encourages "just click here" or
>"just execute that line" use should be avoided.  Obviously, we
>know how to do a URL for it, but the fact that we can doesn't
>indicate that we should.
>
>Just my opinion, but I'm happy to show scars and tell war
>stories if needed.
>
>    john
Received on Wednesday, 21 November 2001 04:20:02 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 23 March 2006 20:11:29 GMT