finger, again

Paul Hoffman (
Sun, 5 Mar 1995 20:02:28 -0700

Message-Id: <v02110101ab8026052c06@[]>
Date: Sun, 5 Mar 1995 20:02:28 -0700
From: (Paul Hoffman)
Subject: finger, again

I propose the following:

The "finger" URL has the form:


The <request> must conform with the RFC 1288 request format.
A finger client could simply send the <request> to the host designated
in the first part of the URL at the specified port after decoding any
escaped characters.

I believe that the "host" is the host to which the request is *first* sent.
Otherwise, we are getting into routing issues, which I think are
inappropriate for URL schemes. Also, it is likely that >99% of the finger
URLs we see will be simply "finger://host/user" or "finger://host". Let's
not burden the spec with how to do the oddball @host1@host2 stuff.



For the security part, I would add:

As explained in RFC 1738, URLs that use non-standard port numbers pose a
potential security risk for users of those URLs. If a port other than 79 is
specified in a finger URL, the finger client might warn the user or reject
the URL altogether.

How does this sound to everyone?