Date: Wed, 02 Apr 1997 17:14:01 -0800 (PST) From: Chris Newman <Chris.Newman@innosoft.com> Subject: Re: revised "generic syntax" and "data:" internet drafts In-Reply-To: <3342F153.27B1@parc.xerox.com> To: Larry Masinter <email@example.com> Cc: IETF URI list <firstname.lastname@example.org>, email@example.com Message-Id: <Pine.SOL.3.95.970402171120.2607Afirstname.lastname@example.org> On Wed, 2 Apr 1997, Larry Masinter wrote: > > > ftp://ftp.ietf.org/internet-drafts/draft-fielding-url-syntax-04.txt > > Section 2.1.3 largely duplicates section 2.5. > > Section 2.2.2 has a "of of" > > I think the process in section 3 is unworkable. > > I think you were looking at a different document, since there is no section > 2.1.3, 2.2.2, and section 3 is not about process. (All of the process stuff > was removed). Those comments were referring to the process document. > > I think the ":<password>" should be removed from the default Internet > > component. Otherwise you encourage plaintext passwords (people will use > > them anyway if really necessary). > > This isn't the "default" Internet component, it is the "generic" Internet > component. And the security considerations section says: > > It is clearly unwise to use a URL that contains a password which is > intended to be secret. > > Need it say more? No. It needs to say less. Don't even bother suggesting a syntax for cleartext passwords -- it's not useful in the "generic" case.