- From: Paul Hoffman <ietf-lists@proper.com>
- Date: Mon, 6 Mar 1995 09:06:25 -0700
- To: Jared_Rhine@hmc.edu
- Cc: uri@bunyip.com
At 9:53 AM 3/6/95, Jared_Rhine@hmc.edu wrote: >It might make sense to restrict the outgoing request to only a single line, >as I believe the finger protocol works (at least, I've never been able to >get a server to parse more than one line). This would reduce the >possibility of a port 25 (SMTP) spoof. The current (and future) draft says: "Clients should not decode CR and LF characters in a URL." >Speaking of end-of-lines, does your >finger proposal specify how the <request> is terminated? No, because... >Does the finger >protocol spec? Yes, it does: a CRLF. Thus, the client reads the URL and turns it into a request. In the case of a mindful client, this means decoding, checking for security, checking for sanity, slapping on a CRLF, and sending it on its way. --Paul Hoffman --Proper Publishing
Received on Monday, 6 March 1995 12:05:28 UTC