James M Snell wrote:
Not a proofreading issue, but shouldn't section 5 say something about DOS attacks using replies links to third party servers? I wouldn't be surprised if some clients automatically subscribed to all replies links in a feed even if they were 100MB zip files on a completely different site.

Hmm.. this problem would apply generally to all types of Atom link, wouldn't it? In any case, it likely would be good to at least mention that implementations should take care when using the replies link to automatically subscribe to feeds.

I don't think it necessarily applies to all links, just those that are likely to be followed automatically. I'm fairly sure I've seen aggregators that have an option for automatically subscribing to wfw:commentRss links so I'm assuming they're likely to do the same for this extension. Enclosures are another link type where I would consider this an issue.
I didn't see anything mentioned in the security section of RFC4287 though, so maybe it's not such a big deal. Mark's feed history draft covers it, but it could be argued that the feed history links probably SHOULD be followed, whereas enclosure and replies links only MAY be followed.
Anyway I'm not really sure it's essential. I just thought I should mention it in case it's the kind of thing that causes problems for you when submitting to the IETF.
Regards
James
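
The concern raised in this thread, sketched as a client-side check (an added example, not part of the original message or of any aggregator's code): a feed reader decides per replies link whether to auto-subscribe, and caps the body it will read. The size cap, the same-host rule, the explicit-type requirement, the function names and the sample entry are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ATOM_LINK = "{http://www.w3.org/2005/Atom}link"
MAX_BYTES = 512 * 1024  # assumed cap for an automatically fetched replies feed

# Constructed sample entry; hosts and sizes are illustrative only.
SAMPLE = """<entry xmlns="http://www.w3.org/2005/Atom">
  <link rel="replies" type="application/atom+xml" href="http://blog.example.org/c/1.atom"/>
  <link rel="replies" type="application/zip" href="http://files.example.net/big.zip" length="104857600"/>
  <link rel="replies" type="application/atom+xml" href="http://other.example.net/replies.atom"/>
  <link rel="enclosure" type="audio/mpeg" href="http://blog.example.org/ep1.mp3"/>
</entry>"""

def auto_follow_decisions(entry_xml, feed_url):
    """Return (href, follow, reason) for every replies link in one entry."""
    feed_host = urlsplit(feed_url).hostname
    decisions = []
    for link in ET.fromstring(entry_xml).iter(ATOM_LINK):
        if link.get("rel") != "replies":
            continue  # enclosures etc. need their own policy
        href = link.get("href", "")
        mtype = link.get("type", "").split(";")[0].strip().lower()
        length = link.get("length", "")
        if urlsplit(href).scheme not in ("http", "https"):
            verdict = (False, "unsupported scheme")
        elif mtype != "application/atom+xml":  # policy: require an explicit feed type
            verdict = (False, "not a feed type")
        elif length.isdigit() and int(length) > MAX_BYTES:
            verdict = (False, "advertised length over cap")
        elif urlsplit(href).hostname != feed_host:
            verdict = (False, "third-party host, ask the user first")
        else:
            verdict = (True, "ok")
        decisions.append((href,) + verdict)
    return decisions

def read_capped(stream, limit=MAX_BYTES):
    """Read a response body, refusing anything over the cap.
    The type and length attributes are only hints, so the cap is enforced on the bytes."""
    data = stream.read(limit + 1)
    if len(data) > limit:
        raise ValueError("replies feed exceeds size cap")
    return data
```

`read_capped` takes any file-like object, so it can wrap the response stream of whatever HTTP client the aggregator uses.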