- From: Stephen R. van den Berg <berg@pool.informatik.rwth-aachen.de>
- Date: Tue, 31 Jan 1995 13:48:55 +0100
- To: uri@bunyip.com
In principle I'm charmed by the scalability of the approach to allow
arbitrary header fields to be specified. But, if people consider this
to be too much of a security hazard, why not simply state in the RFC that
implementors should initially ignore any header fields except Subject, and
that on explicit configuration, some specified headers fields are to be
accepted.
This way you can have the best of both worlds. I.e. the RFC doesn't forbid
the use of extra fields, it just recommends that they are ignored by default.
It would allow an implementation to allow some header field to be included
if it became popular some time in the future.
--
Sincerely, berg@pool.informatik.rwth-aachen.de
Stephen R. van den Berg (AKA BuGless).
"Listen very carefully, I shall only say this once."
Received on Tuesday, 31 January 1995 07:49:44 UTC