- From: Larry Masinter <masinter@parc.xerox.com>
- Date: Wed, 4 Jan 1995 11:55:33 PST
- To: mvanheyn@cs.indiana.edu
- Cc: raisch@internet.com, uri@bunyip.com, nsb@bellcore.com
I've realized that the 'security hole' we've identified with the proposed 'mailmsg' URL scheme exists also for use of the message/external-body, but RFC1521 doesn't call it out particularly. I don't think that we should shirk dealing with security considerations in URL schemes, but rather, we might expect RFC1521 to expand the security consideration section to address the issue of possible mail-spoofing in message/external-body messages, e.g.:

================================================================
Content-Type: message/external-body;
        access-type=mail-server
        Server="president@whitehouse.gov"

Content-type: text/plain
Content-ID: <666@devil.org>

Insert generic death threat here.
================================================================
Received on Wednesday, 4 January 1995 14:56:06 UTC
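
Added example, not part of the original message: a receiving-side check that finds message/external-body parts with access-type=mail-server and reports the address and body text a mail reader would send in the user's name, so the client can ask for confirmation instead of fetching automatically. The sample message, its addresses and the function names are constructed for illustration.

```python
import email
from email.message import Message

# Constructed sample (placeholder addresses, not taken from the post above).
SAMPLE = """\
From: sender@example.org
To: reader@example.net
Subject: document available
MIME-Version: 1.0
Content-Type: message/external-body;
\taccess-type=mail-server;
\tserver="third-party@example.com"

Content-Type: text/plain
Content-ID: <1@example.org>

Text chosen by the sender, to be mailed in the reader's name.
"""


def find_mail_server_refs(raw: str) -> list[dict]:
    """Return one finding per message/external-body part that would make
    the reader's client send mail to a sender-chosen address."""
    msg = email.message_from_string(raw)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "message/external-body":
            continue
        access = str(part.get_param("access-type", "")).lower()
        if access != "mail-server":
            continue
        # The stdlib parser treats any message/* body as a nested message:
        # its headers describe the referenced data, and its body is the
        # "phantom body", i.e. the text to be mailed to the server.
        inner = part.get_payload(0) if part.is_multipart() else None
        phantom = inner.get_payload() if isinstance(inner, Message) else ""
        findings.append({
            "server": part.get_param("server"),
            "content_id": inner["Content-ID"] if inner is not None else None,
            "outgoing_body": str(phantom).strip(),
        })
    return findings


def requires_confirmation(raw: str) -> bool:
    """True when fetching the external body would send mail as the user."""
    return bool(find_mail_server_refs(raw))


if __name__ == "__main__":
    for finding in find_mail_server_refs(SAMPLE):
        print(finding)
```
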