> But its also not enforceable by us. There was a joint IETF/W3C group > that looked at many of the issues and problems with URIs and one > of the recommendations we made was that registration of schemes neede > to be made much easier for the simple reason that when someone needs > one they 'just make one'. If you want to see the consequences take a look > at Dan Connolly's list of currently extant but unregistered schemes: I agree with that recommendation, but only when the scheme is already in common use. Is that the case for TFTP? > http://www.w3.org/Addressing/schemes.html > > None of these schemes have any review process, documentation, or > interoperability requirements. IMHO, the best thing we can do is provide > them a registration process that at least requires them to document their > gross lack of security considerations. Assertions that we shouldn't > register them because their resolution process is 'unsafe' (can you > define that?) Sure. Resolution must be free from side effects. > are really useless because there is no real, immediate > consequence to _not_ being registered. In other words, if you do or don't > register 'tftp:' won't really matter, everyone will still use it > regardless of whether or not its registered. With that, I think we've come full circle back to John's concern (which I share) about doing it just because we can. MB -- Mark Baker, Chief Science Officer, Planetfred, Inc. Ottawa, Ontario, CANADA. mbaker@planetfred.com http://www.markbaker.ca http://www.planetfred.comReceived on Sunday, 25 November 2001 11:01:16 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 23 March 2006 20:11:29 GMT