Re: revised "generic syntax" and "data:" internet drafts

Chris Newman (Chris.Newman@innosoft.com)
Wed, 02 Apr 1997 17:14:01 -0800 (PST)


Date: Wed, 02 Apr 1997 17:14:01 -0800 (PST)
From: Chris Newman <Chris.Newman@innosoft.com>
Subject: Re: revised "generic syntax" and "data:" internet drafts
In-Reply-To: <3342F153.27B1@parc.xerox.com>
To: Larry Masinter <masinter@parc.xerox.com>
Cc: IETF URI list <uri@bunyip.com>, ietf-url@imc.org
Message-Id: <Pine.SOL.3.95.970402171120.2607A-100000@eleanor.innosoft.com>

On Wed, 2 Apr 1997, Larry Masinter wrote:

> > >   ftp://ftp.ietf.org/internet-drafts/draft-fielding-url-syntax-04.txt
> > Section 2.1.3 largely duplicates section 2.5.
> > Section 2.2.2 has a "of of"
> > I think the process in section 3 is unworkable. 
> 
> I think you were looking at a different document, since there is no section
> 2.1.3, 2.2.2, and section 3 is not about process. (All of the process stuff
> was removed).

Those comments were referring to the process document.

> > I think the ":<password>" should be removed from the default Internet
> > component.  Otherwise you encourage plaintext passwords (people will use
> > them anyway if really necessary).
> 
> This isn't the "default" Internet component, it is the "generic" Internet
> component. And the security considerations section says:
> 
>    It is clearly unwise to use a URL that contains a password which is
>    intended to be secret.
> 
> Need it say more?

No.  It needs to say less.  Don't even bother suggesting a syntax for
cleartext passwords -- it's not useful in the "generic" case.