- From: Mark Baker <distobj@acm.org>
- Date: Sun, 25 Nov 2001 10:58:48 -0500 (EST)
- To: michael@neonym.net
- Cc: paf@cisco.com (Patrik Fältström), discuss@apps.ietf.org
> But its also not enforceable by us. There was a joint IETF/W3C group > that looked at many of the issues and problems with URIs and one > of the recommendations we made was that registration of schemes neede > to be made much easier for the simple reason that when someone needs > one they 'just make one'. If you want to see the consequences take a look > at Dan Connolly's list of currently extant but unregistered schemes: I agree with that recommendation, but only when the scheme is already in common use. Is that the case for TFTP? > http://www.w3.org/Addressing/schemes.html > > None of these schemes have any review process, documentation, or > interoperability requirements. IMHO, the best thing we can do is provide > them a registration process that at least requires them to document their > gross lack of security considerations. Assertions that we shouldn't > register them because their resolution process is 'unsafe' (can you > define that?) Sure. Resolution must be free from side effects. > are really useless because there is no real, immediate > consequence to _not_ being registered. In other words, if you do or don't > register 'tftp:' won't really matter, everyone will still use it > regardless of whether or not its registered. With that, I think we've come full circle back to John's concern (which I share) about doing it just because we can. MB -- Mark Baker, Chief Science Officer, Planetfred, Inc. Ottawa, Ontario, CANADA. mbaker@planetfred.com http://www.markbaker.ca http://www.planetfred.com
Received on Sunday, 25 November 2001 11:01:16 UTC