W3C home > Mailing lists > Public > uri@w3.org > July 2011

Re: [apps-discuss] Fwd: I-D Action: draft-yevstifeyev-ftp-uri-scheme-04.txt

From: Frank Ellermann <hmdmhdfmhdjmzdtjmzdtzktdkztdjz@gmail.com>
Date: Fri, 8 Jul 2011 21:29:05 +0200
Message-ID: <CAHhFybq4x1hVVhoSA=ZAV890ARYyqRMpGScAbrv4LxB0wZjrkg@mail.gmail.com>
To: John C Klensin <john-ietf@jck.com>
Cc: Mykyta Yevstifeyev <evnikita2@gmail.com>, URI <uri@w3.org>, Apps-discuss list <apps-discuss@ietf.org>
On 8 July 2011 19:46, John C Klensin <john-ietf@jck.com> wrote:

>> The anonymous:mail construct is also not more state of the art
>> for privacy reasons, unless it is a mail address in TLD invalid
>> or similar.

> Disagree.  If I'm an FTP repository provider, I can ask you to
> give up your email address in return for service if I want to.
> Whether I trust the address you give me is another matter, but
> that isn't a privacy issue.

Your server, your rules.  Nevertheless user agents such as web
browsers MUST NOT use valuable email accounts in anonymous FTP
connections without explicit consent of the user.  I don't think
that address harvesting by spammers on anonymous FTP servers is a
serious threat, but "anonymous" should be what the name says, as
long as the user didn't explicitly set something else.

If your FTP server does not accept anonymous:me@privacy.invalid
it is fine, I'd know how to use another FTP client where I can
add one of the addresses you know.  But exactly these addresses
should not be used in anonymous connections with arbitrary FTP
servers, unless I explicitly confirmed it for a given server.

Received on Friday, 8 July 2011 19:29:53 UTC

This archive was generated by hypermail 2.4.0 : Sunday, 10 October 2021 22:17:55 UTC