Re: mailserver URL

Stephen R. van den Berg (berg@pool.informatik.rwth-aachen.de)
Tue, 31 Jan 1995 13:48:55 +0100


Message-Id: <9501311248.AA14007@tabaqui>
From: berg@pool.informatik.rwth-aachen.de (Stephen R. van den Berg)
Date: Tue, 31 Jan 1995 13:48:55 +0100
In-Reply-To: "Roy T. Fielding"'s message as of 1995 Jan 30 Mon 20:13.
       <9501302013.aa19151@paris.ics.uci.edu>
To: uri@bunyip.com
Subject: Re: mailserver URL

In principle I'm charmed by the scalability of the approach to allow
arbitrary header fields to be specified.  But, if people consider this
to be too much of a security hazard, why not simply state in the RFC that
implementors should initially ignore any header fields except Subject, and
that on explicit configuration, some specified headers fields are to be
accepted.

This way you can have the best of both worlds.  I.e. the RFC doesn't forbid
the use of extra fields, it just recommends that they are ignored by default.
It would allow an implementation to allow some header field to be included
if it became popular some time in the future.

-- 
Sincerely,                                  berg@pool.informatik.rwth-aachen.de
           Stephen R. van den Berg (AKA BuGless).

"Listen very carefully, I shall only say this once."