W3C home > Mailing lists > Public > uri@w3.org > November 2004

Re: draft-hoffman-news-nntp-uri-02.txt

From: Frank Ellermann <nobody@xyzzy.claranet.de>
Date: Sat, 06 Nov 2004 00:23:39 +0100
To: uri@w3.org
Message-ID: <418C0B7B.3BC3@xyzzy.claranet.de>

Charles Lindsey wrote:

> This draft seems pretty good as regards the news scheme

ACK.  The only thing I hadn't seen before is the * defined in
1738.

Please test it:  <news://news.spamcop.net/*>  With my excuse
for a real newsreader (Mozilla 3) it has the same effect as
<news://news.spamcop.net> or <news://news.spamcop.net/>:  It
"closes" news.gmane.org (where I read gmane.org.w3c.uri), and
"opens" news.spamcop.net showing my subscribed SC newsgroups.

> newsURL     = "news"  ":" [ news-server ]
>                ( newsgroup-name | '*' | message-id )
> news-server =  "//" server "/"
> message-id  = id-left "@" id-right

With that syntax <news://news.spamcop.net> would be invalid.
How about:

    newsURL     = "news:" ( group / article / news-server )
    group       = [ news-server "/" ] newsgroup-name
    article     = [ news-server "/" ] message-id
    news-server = "//" server [ "/" / "/*" ]

A message-id starting with "//" could be a problem.  How's
that supposed to work, more %2F hacks as for the ftp URLs ?

And newsgroup-name needs some proper syntax, anything where
"@" is impossible and not starting with "//" goes.

> Note that there is widespread use of the username-password
> authentication in news servers

I've never seen it in a newsURL.  IMHO it's unnecessary to
mention it.  Actually I know only five common forms:

news:message-id         ; Usenet article, use your own server
news:newsgroup-name     ; Usenet newsgroup, use your own server
news://server           ; some special server (usually public)
news://server/group            ; group on the special server
news://server/message-id       ; article on the special server

> there should be some warning that username-password
> authentication has security risks.

Isn't that covered by 2396bis ?  Just don't mention it at all.
Paul's draft is about the scheme, not about the finer points
of 2396bis or SASL w.r.t. nntp.

> <server> is defined in [2396bis], and provides for a <host>,
> a <port> (defaulting to 119 in this scheme) and possibly a
> username/password.

"and possibly a userinfo".  No details, it's all in 3.2.1 of
2396bis.

> still in widespread use on current news servers and so
> clients MAY implement it.

Delete this.  It has nothing to do with the scheme, and I've
never seen a <news://ogin:sword@host> in the wild.

> If no <server> is specified, the resources are to be
> retrieved from whatever server has been configured for local
> use.

ACK.  Actually my good old Mozilla 3 has "default servers" in
its configuration files, and uses this server if needed.  OTOH
if whatever server is already "open", then this is the default
server for unspecific news-URLs.

> The nntp URL schemes is used to refer to individual articles
> of USENET news, as specified in RFC 1036.

No.  It's used to refer to articles or newsgroups on _specific_
servers.  And not necessarily Usenet servers, any news server.

Actually it's a bad idea for Usenet articles and newsgroups,
because it works only for users of the specified news server.

My good old Mozilla 3 does not support this scheme.  They made
good stuff at Netscape before they lost their "war" against the
evil empire.

BTW, there was already a draft for news:, the author should be
mentioned in the credits:

<http://www.newsreaders.com/tech/draft-gilman-news-url-02.txt>

            Bye, Frank
Received on Friday, 5 November 2004 23:31:04 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 13 January 2011 12:15:35 GMT