- From: Frank Ellermann <hmdmhdfmhdjmzdtjmzdtzktdkztdjz@gmail.com>
- Date: Tue, 23 Aug 2011 23:08:54 +0200
- To: Bjoern Hoehrmann <derhoermi@gmx.net>
- Cc: uri-review@ietf.org, uri@w3.org
On 23 August 2011 17:57, Bjoern Hoehrmann wrote: >>Security considerations: >> The generic and overall URI syntax is specified in STD 66, anything >> else (not limited to pack:) is no URI and could cause havoc, compare >> <http://www.kb.cert.org/vuls/id/358017>. > This would need to elaborate on how VU#358017 is relevant here. A registration template isn't a good place to discuss problems caused by non-URIs interpreted as URIs. VU#358018 had nothing to do with "pack:", it is an example that problems with broken URIs are not only theoretical. I suggest to remove that example instead of elaborating it, see below. -Frank -------------------------------------------------------------------------- URI scheme name: pack Status: historical URI scheme syntax: There was no pack: syntax compatible with STD 66, cf. <http://www.ietf.org/mail-archive/web/uri-review/current/msg00678.html>, <http://www.ietf.org/mail-archive/web/uri-review/current/msg00548.html>. URI scheme semantics: n/a due to a lack of STD 66 syntax. Encoding considerations: The pack: encoding assumed US-ASCII after un-escaping percent-encoded characters in an encapsulated <authority> (4.c in the expired drafts) and case-insensitive US-ASCII in the <path> (5.c in the expired drafts). Applications/protocols that use this URI scheme name: The pack: scheme could not be used as an URI scheme in applications or protocols. Other uses of pack: are noted in the expired drafts. Interoperability considerations: All URI schemes have to follow the generic STD 66 syntax, as that was not the case for pack: any "interoperability" would be by the chance of similarly broken implementations. Security considerations: The generic and overall URI syntax is specified in STD 66, anything else (not limited to pack:) is no URI and could cause havoc. Contact: <uri-review@ietf.org> and <uri@w3.org> mailing lists. Author/Change controller: IESG (the transition from a "provisional" to "historical" status is not covered by BCP 35 section 5.3; maybe the pack: scheme could be simply identified as "non-URI" and removed from the scheme registry). References: STD 66 (RFC 3986), I-D.shur-pack-uri-scheme-05 (same as -03 and -04).
Received on Tuesday, 23 August 2011 21:09:44 UTC