- From: Dirk Herr-Hoyman <hoymand@gate.net>
- Date: Wed, 4 Jan 1995 09:14:01 -0500
- To: uri@bunyip.com
- Cc: uri@bunyip.com
At 12:57 PM 1/4/95, Marc VanHeyningen wrote: >> Since URLs are hardly something which the casual user might have >> >> - an overriding interest in >> >> - an appreciation of the consequences of >> >> - comprehensive knowledge of >> >> I would politely suggest that this is a bad idea. For a more in depth >> explanation of the inadvisability of this URL scheme please see: >> >> <mailmsg:president@whitehouse.gov//Death Threat/I'm gonna git you sucka> > What we are trying to address here (and I'm the person who earily proposed a similar mailserver URL), is the ability to access resources that are ONLY available via e-mail retrieval. If we are to have a URL for this, then the example given above will certainly be possible. I don't really want to create more ways to spoof e-mail, but I also would like to see the functionality of URL extended to e-mail retrieval. It looks to me that these 2 requirements are fundamentally in conflict here. >This is, of course, a serious concern. As Larry pointed out, similar >concerns also exist for the gopher: URL, since it can be used to spoof >mail messages in less obvious ways. > And there are lot's of other ways to spoof e-mail, including many POP user agents that let you set your own return address. E-mail, as it is currently incarnated on the Internet, is inherently insecure. I would like to see an e-mail retrieval URL, whill still being sensitive to the security concerns. But, since e-mail is already inherently insecure, my feeling is that the increased functionlity of such a URL is more important then preventing yet another hole. -- Dirk Herr-Hoyman <hoymand@gate.net> | I tried to contain myself CyberBeach Publishing | but * Internet publishing services | I got out Lake Worth, Florida, USA | Web: http://www.gate.net/cyberbeach.html Phone: +1.407.540.8309
Received on Wednesday, 4 January 1995 09:13:10 UTC