[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Issues outstanding

To: LIST: ietf-usefor@xxxxxxx;
Subject: Re: Issues outstanding
From: "Charles Lindsey" <chl@xxxxxxxxxxxxxxxx>
Date: Tue, 28 Dec 2004 11:01:16 GMT
List-archive: <http://www.imc.org/ietf-usefor/mail-archive/>
List-id: <ietf-usefor.imc.org>
List-unsubscribe: <mailto:ietf-usefor-request@imc.org?body=unsubscribe>
Newsgroups: local.usefor
References: <> <> <> <> <>
Sender: owner-ietf-usefor@xxxxxxxxxxxx
Xref: clerew local.usefor:20522

In <20041222230155.GA1758@xxxxxxxxxxxxx> Dirk Nimmich <nimmich@xxxxxxxxxxx> writes:

>Alexey Melnikov wrote:
>> Charles Lindsey wrote:
>>> In <41C87921.5000404@xxxxxxxxx> Alexey Melnikov 
>>> <alexey.melnikov-usefor@xxxxxxxxx> writes:
>[...]
>>>> 6. Remove filename parameter from the Archive header.
>>>
>> I have not seen any argument in support of the "filename"
>> parameter.  If there is no support - we don't need to document it.

>I haven't had the time to follow the discussion on this topic, but
>the original intent was to replace the Archive-Name pseudo header
>(or to have a formal way to represent it). If the semantics for
>Content-Disposition's filename parameter were the same, that would
>be alright; but since Archive-Names routinely contain (logical) path
>information which is to be deleted for security reasons in
>Content-Disposition's filename parameter I doubt it is.

That was not so much an intent, as a possible application that became
apparent soon afterwards.

I mentioned in reply to Frank yesterday that Martin Dürst's proposed
Archived-At header (if it ever happens) might also be suitable as an
Archive-Name pseudo header replacement, but now I am not so sure, since
that would normally provide a URL including a host name (e.g.
Archived-At:
  <ftp://rtfm.mit.edu/pub/usenet/news.answers/usenet/welcome/part1>),
whereas what is used in the Archive-Name pseudo header (and what I had in
mind for the Archive filename parameter) is just the
"usenet/welcome/part1" bit, on the grounds that there are lots of mirrors
of rtfm.mit.edu, all using the same filename (not necessarily with the
same Path preceding it).

Also, I do not quite follow your point about deleting path information for
security reasons. There is no requirement in RFC 2183 for such deletion,
though there is a warning of dangers under Security Considerations. But
then there is also a similar warning under Security Considerations in our
draft for the Archive header, so there is no real difference there.

Anyway, the question to be decided is whether or not to retain the
filename parameter in our Archive header, both because of its possible
future use, and also to allow future extensions to add further parameters.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133   Web: http://www.cs.man.ac.uk/~chl
Email: chl@xxxxxxxxxxxxxxxx      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5

Follow-Ups:
- Archive (was: Issues outstanding)
  - From: Frank Ellermann

References:
- Issues outstanding
  - From: Charles Lindsey
- Re: Issues outstanding
  - From: Alexey Melnikov
- Re: Issues outstanding
  - From: Charles Lindsey
- Re: Issues outstanding
  - From: Alexey Melnikov
- Re: Issues outstanding
  - From: Dirk Nimmich

Prev by Date: Re: msg-id
Next by Date: Re: msg-id
Previous by thread: Re: Issues outstanding
Next by thread: Archive (was: Issues outstanding)
Index(es):
- Date
- Thread