- From: Adrien de Croy <adrien@qbik.com>
- Date: Wed, 28 Jul 2010 14:05:58 +1200
- To: "Roy T. Fielding" <fielding@gbiv.com>
- CC: HTTP Working Group <ietf-http-wg@w3.org>
I'm all for removing it, but isn't that the only way that IE will auth to an FTP server via an HTTP proxy? We see these URIs all the time. Regards Adrien On 28/07/2010 1:59 p.m., Roy T. Fielding wrote: > FYI, I added the following paragraph for draft 11 as part of addressing > ticket #159 in > > http://trac.tools.ietf.org/wg/httpbis/trac/changeset/877 > > p1, sec 2.6.1: added paragraph: > > The URI generic syntax for authority also includes a deprecated > userinfo subcomponent ([RFC3986], Section 3.2.1) for including > user authentication information in the URI. The userinfo > subcomponent (and its "@" delimiter) MUST NOT be used in an > "http" URI. URI reference recipients SHOULD parse for the > existence of userinfo and treat its presence as an error, > likely indicating that the deprecated subcomponent is being used > to obscure the authority for the sake of phishing attacks. > > I'm pretty sure that this topic was discussed before on list, though > I can't find the thread at the moment. Please let us know if you > disagree with this change. > > ....Roy > >
Received on Wednesday, 28 July 2010 02:06:49 UTC