W3C home > Mailing lists > Public > uri@w3.org > January 1995

Re: Predraft of a new URL scheme: mailmsg

From: Larry Masinter <masinter@parc.xerox.com>
Date: Wed, 4 Jan 1995 11:55:33 PST
To: mvanheyn@cs.indiana.edu
Cc: raisch@internet.com, uri@bunyip.com, nsb@bellcore.com
Message-Id: <95Jan4.115534pst.2760@golden.parc.xerox.com>
I've realized that the 'security hole' we've identified with the
proposed 'mailmsg' URL scheme exists also for use of the
message/external-body, but RFC1521 doesn't call it out particularly. I
don't think that we should shirk dealing with security considerations
in URL schemes, but rather, we might expect RFC1521 to expand the
security consideration section to address the issue of possible
mail-spoofing in message/external-body messages, e.g.:

================================================================
Content-Type: message/external-body; access-type=mail-server
Server="president@whitehouse.gov"

Content-type: text/plain
Content-ID: <666@devil.org>

Insert generic death threat here.
================================================================
Received on Wednesday, 4 January 1995 14:56:06 UTC

This archive was generated by hypermail 2.4.0 : Sunday, 10 October 2021 22:17:29 UTC