Re: userinfo allowed in http URI or not?

Sent this on March 8, but still not on the list, so I try it a second time.
Your mail from Feb 19:

 > I think that's exactly what it means--if the password is "anonymous"
 > or "" then it may be shown.  I don't know the rationale for this
 > recommendation, but the intended meaning seems clear to me.  If it
 > appears ambiguous to some, maybe it should be rephrased to leave no room
 > for doubt:
 >     Applications should not render as clear text any data after the
 >     first colon (":") character found within a userinfo sub-component
 >     unless the data after the colon is the string "anonymous" or the
 >     empty string (indicating no password).

But it's not the password which is "anonymous", it's the username! A
password of "anonymous" is just a password like any other and as valid as
any other, it's not "special". You log in to an ftp server with a user of
"anonymous" or "guest" or so and then the server responds with something
like "anonymous access ok, please type your email address as the password"
if it allows anonymous access. So, the keyword "anonymous" does not belong
in the password but in the user part of userinfo. Maybe just phrase

"unless the data provided is used/intended for anonymous access".

This leaves everything about the specific syntax open, in case there are
schemes/servers which allow anonymous access in a different way. (I don't

Kai Sch糘zl


Get your web at Conactive Internet Services:

Received on Wednesday, 10 March 2004 15:49:22 UTC