Re: Predraft of a new URL scheme: mailmsg

Dirk Herr-Hoyman (hoymand@gate.net)
Wed, 4 Jan 1995 09:14:01 -0500


Date: Wed, 4 Jan 1995 09:14:01 -0500
Message-Id: <ab30be4604021004ae48@[199.227.1.80]>
To: uri@bunyip.com
From: hoymand@gate.net (Dirk Herr-Hoyman)
Subject: Re: Predraft of a new URL scheme: mailmsg
Cc: uri@bunyip.com

At 12:57 PM 1/4/95, Marc VanHeyningen wrote:
>> Since URLs are hardly something which the casual user might have
>>
>>       - an overriding interest in
>>
>>       - an appreciation of the consequences of
>>
>>       - comprehensive knowledge of
>>
>> I would politely suggest that this is a bad idea.  For a more in depth
>> explanation of the inadvisability of this URL scheme please see:
>>
>> <mailmsg:president@whitehouse.gov//Death Threat/I'm gonna git you sucka>
>
What we are trying to address here (and I'm the person who earily proposed
a similar mailserver URL), is the ability to access resources that are ONLY
available via e-mail retrieval.  If we are to have a URL for this, then the
example given above will certainly be possible.

I don't really want to create more ways to spoof e-mail, but I also would
like to see the functionality of URL extended to e-mail retrieval.  It
looks to me that these 2 requirements are fundamentally in conflict here.

>This is, of course, a serious concern.  As Larry pointed out, similar
>concerns also exist for the gopher: URL, since it can be used to spoof
>mail messages in less obvious ways.
>

And there are lot's of other ways to spoof e-mail, including many POP user
agents that let you set your own return address.  E-mail, as it is
currently incarnated on the Internet, is inherently insecure.

I would like to see an e-mail retrieval URL, whill still being sensitive to
the security concerns.  But, since e-mail is already inherently insecure,
my feeling is that the increased functionlity of such a URL is more
important then preventing yet another hole.

--
Dirk Herr-Hoyman <hoymand@gate.net> |          I tried to contain myself
CyberBeach Publishing               |                                but
   * Internet publishing services   |                          I got out
Lake Worth, Florida, USA            |
Web: http://www.gate.net/cyberbeach.html
Phone:     +1.407.540.8309