- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Sun, 16 Mar 2008 20:30:54 +0100
- To: ietf-http-wg@w3.org
...speaking of which.

In Part3, we currently refer to both RFC1806 (the original definition) and RFC2183 (which updated RFC1806). Wouldn't it make sense to drop the references to the historical document?

Also, I can't help noticing that in Section 8.2 (<http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p3-payload-02.html#rfc.section.8.2>) we say

"8.2 Content-Disposition Issues

[RFC1806], from which the often implemented Content-Disposition (see Appendix B.1) header in HTTP is derived, has a number of very serious security considerations. Content-Disposition is not part of the HTTP standard, but since it is widely implemented, we are documenting its use and risks for implementors. See [RFC2183] (which updates [RFC1806]) for details."

...which is really vague. Are there more considerations than those mentioned in <http://tools.ietf.org/html/rfc2183#section-5>?

BR, Julian

Received on Sunday, 16 March 2008 19:31:48 UTC