- From: Frank Ellermann <nobody@xyzzy.claranet.de>
- Date: Tue, 12 Jul 2005 08:16:49 +0200
- To: uri@w3.org
Etan Wexler wrote:
> are you implying that the <NO-WS-CTL> characters are obsolete
> in e-mail addresses?
Not used in practice as far as I can judge it. Funny escape
sequences causing all kinds of havoc with simple MUAs are a
bad idea, nobody needs or does this.
> Should RFC 2822 get a revision?
IMHO a 2822bis should move NO-WS-CTL to chapter 4 (obsolete).
> Does either answer affect what route the ?tag? scheme should
> take?
It depends on your priorities, if your priority is "any legal
address should be allowed" you need NO-WS-CTL plus the syntax
for this crap plus (maybe) security considerations. If your
main priority is a readable text without tons of obscure rules
all you need is a statement that you excluded some ugly cases.
> Will software authors screw this up?
PURL is a case where I know that they decode URLs, %25 instead
of % does the trick (e.g. %2520 results in %20, i.e. a space).
> is it proper that the ?tag? scheme flatly ban the use of
> e-mail addresses with ?percent? signs?
Somewhere you draw the line, it's your decision. Banning a %
only to avoid %25 sounds like a bad decision.
> a lousy programmer can make a security problem out of any
> situation.
True, but if you support encoded NO-WS-CTL you have no reasons
to exclude other syntactically valid addresses, so in that case
just support everything (minus CFWS, modulo obs-, i.e. isolated
CR or LF not included in NO-WS-CTL)
> to me, the question is about the probability of software
> authors screwing it up and about the scale of the screw-up.
"Take local part as is and encode" is simple. If you start to
explain quoted-string, quoted-pair, and semantical content to
get a shorter and nicer '...'@example it's not so simple, YMMV.
Bye, Frank
Received on Tuesday, 12 July 2005 06:19:29 UTC