- From: Martin Duerst <duerst@it.aoyama.ac.jp>
- Date: Mon, 24 Oct 2005 19:25:50 +0900
- To: Frank Ellermann <nobody@xyzzy.claranet.de>, uri@w3.org
I have looked through this discussion for an update of draft-duerst-mailto-bis (to go out in an hour or so). I agree that Etan's proposal is more elegant, but more complicated. I personally prefer Frank's more straight- forward proposal, and will go with it for the next draft. But as I'm not an expert, please look at that draft when it comes out and send comments. (including the examples section, where I have added three examples provided by Frank). I have also changed 1. All characters that can appear in "mailbox" but are reserved or not allowed in URIs have to be percent-encoded. Examples are parentheses, commas, and the percent sign ("%"), which commonly occur in the "mailbox" syntax. to 1. All characters that can appear in "addr-spec" but are not in the unreserved category in [RFC3986] have to be percent-encoded. Examples are parentheses, commas, and the percent sign ("%"), which commonly occur in the "addr-spec" syntax. This leaves the spec the same, but takes care of the fact that the definition of reserved characters changed from RFC 2396 to RFC 3986. Maybe there would no longer be a need for escaping parentheses, but it's likely that changing the spec that way would create problems in some applications. I have also added Tim, Frank, and Etan to the ack section; please tell me if you don't want that. Regards, Martin. At 15:16 05/07/12, Frank Ellermann wrote: > >Etan Wexler wrote: > >> are you implying that the <NO-WS-CTL> characters are obsolete >> in e-mail addresses? > >Not used in practice as far as I can judge it. Funny escape >sequences causing all kinds of havoc with simple MUAs are a >bad idea, nobody needs or does this. > >> Should RFC 2822 get a revision? > >IMHO a 2822bis should move NO-WS-CTL to chapter 4 (obsolete). > >> Does either answer affect what route the ?tag? scheme should >> take? > >It depends on your priorities, if your priority is "any legal >address should be allowed" you need NO-WS-CTL plus the syntax >for this crap plus (maybe) security considerations. If your >main priority is a readable text without tons of obscure rules >all you need is a statement that you excluded some ugly cases. > >> Will software authors screw this up? > >PURL is a case where I know that they decode URLs, %25 instead >of % does the trick (e.g. %2520 results in %20, i.e. a space). > >> is it proper that the ?tag? scheme flatly ban the use of >> e-mail addresses with ?percent? signs? > >Somewhere you draw the line, it's your decision. Banning a % >only to avoid %25 sounds like a bad decision. > >> a lousy programmer can make a security problem out of any >> situation. > >True, but if you support encoded NO-WS-CTL you have no reasons >to exclude other syntactically valid addresses, so in that case >just support everything (minus CFWS, modulo obs-, i.e. isolated >CR or LF not included in NO-WS-CTL) > >> to me, the question is about the probability of software >> authors screwing it up and about the scale of the screw-up. > >"Take local part as is and encode" is simple. If you start to >explain quoted-string, quoted-pair, and semantical content to >get a shorter and nicer '...'@example it's not so simple, YMMV. > > Bye, Frank
Received on Monday, 24 October 2005 10:44:06 UTC