W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2011

conformance languages (issue 278), was: Last Call: <draft-ietf-httpbis-content-disp-06.txt> (Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)) to Proposed Standard

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 01 Mar 2011 16:50:42 +0100
Message-ID: <4D6D15D2.8070704@gmx.de>
To: Barry Leiba <barryleiba@computer.org>
CC: ietf@ietf.org, ietf-http-wg@w3.org
Hi Barry,

we're tracking this as 

On 01.03.2011 00:33, Barry Leiba wrote:
> I'm sorry not to have posted this during WGLC, but I didn't notice it until now:
> The document uses the phrase "are advised [to do something]" in two
> places (the penultimate paragraph in Section 4.3, and the beginning of
> Appendix D).  I suggest that we either switch to 2119 language
> ("SHOULD [do something]") or insert a sentence into section 2 that
> explains the normative meaning of "ADVISED" that we intend (as being
> softer than SHOULD).  Even if we want to leave it fluffy, we should
> probably make it clear that we're intentionally leaving it fluffy.[1]
> Barry
> [1] Apologies to Cullen, in case he has trademarked "fluffy".

Or maybe we should revise RFC 2119 :-).

I agree that this needs tuning; but I'd rather not invent a new keyword 
for that.

The appendix D 
isn't meant to be normative; thus I believe leaving it the way it is 
ought to be ok.

With respect to 
I believe we really should say "SHOULD" in all the three last items:

    o  Many platforms do not use Internet Media Types ([RFC2046]) to hold
       type information in the file system, but rely on filename
       extensions instead.  Trusting the server-provided file extension
       could introduce a privilege escalation when the saved file is
       later opened (consider ".exe").  Thus, recipients need to ensure
       that a file extension is used that is safe, optimally matching the
       media type of the received payload.

-> SHOULD ensure

    o  Recipients are advised to strip or replace character sequences
       that are known to cause confusion both in user interfaces and in
       filenames, such as control characters and leading and trailing

-> SHOULD strip or replace

    o  Other aspects recipients need to be aware of are names that have a
       special meaning in the file system or in shell commands, such as
       "." and "..", "~", "|", and also device names.

-> ...and SHOULD and ignore or substitute these names...

...the last one is a bit tricky, as what's special really depends on the 
operating system...

Best regards, Julian
Received on Tuesday, 1 March 2011 15:58:08 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:56 UTC