
conformance languages (issue 278), was: Last Call: <draft-ietf-httpbis-content-disp-06.txt> (Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)) to Proposed Standard

2011-03-01 09:51:15
Hi Barry,

we're tracking this as <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/278>.


On 01.03.2011 00:33, Barry Leiba wrote:
> I'm sorry not to have posted this during WGLC, but I didn't notice it until now:
>
> The document uses the phrase "are advised [to do something]" in two
> places (the penultimate paragraph in Section 4.3, and the beginning of
> Appendix D).  I suggest that we either switch to 2119 language
> ("SHOULD [do something]") or insert a sentence into section 2 that
> explains the normative meaning of "ADVISED" that we intend (as being
> softer than SHOULD).  Even if we want to leave it fluffy, we should
> probably make it clear that we're intentionally leaving it fluffy.[1]
>
> Barry
>
> [1] Apologies to Cullen, in case he has trademarked "fluffy".

Or maybe we should revise RFC 2119 :-).

I agree that this needs tuning; but I'd rather not invent a new keyword for that.

The appendix D (<http://greenbytes.de/tech/webdav/draft-ietf-httpbis-content-disp-06.html#rfc.section.D>) isn't meant to be normative; thus I believe leaving it the way it is ought to be ok.

With respect to <http://greenbytes.de/tech/webdav/draft-ietf-httpbis-content-disp-06.html#rfc.section.4.3>, I believe we really should say "SHOULD" in all the three last items:

   o  Many platforms do not use Internet Media Types ([RFC2046]) to hold
      type information in the file system, but rely on filename
      extensions instead.  Trusting the server-provided file extension
      could introduce a privilege escalation when the saved file is
      later opened (consider ".exe").  Thus, recipients need to ensure
      that a file extension is used that is safe, optimally matching the
      media type of the received payload.

-> SHOULD ensure

   o  Recipients are advised to strip or replace character sequences
      that are known to cause confusion both in user interfaces and in
      filenames, such as control characters and leading and trailing
      whitespace.

-> SHOULD strip or replace

   o  Other aspects recipients need to be aware of are names that have a
      special meaning in the file system or in shell commands, such as
      "." and "..", "~", "|", and also device names.

-> ...and SHOULD ignore or substitute these names...

...the last one is a bit tricky, as what's special really depends on the operating system...

Best regards, Julian
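
The three recipient-side checks from Section 4.3 quoted in the message above, sketched as an added example (it is not part of the thread or of the draft). The media-type table, the fallback names, the path-separator handling and the Windows device-name list are assumptions chosen for illustration.

```python
import re
import unicodedata

# Assumed policy table: media type -> the one extension treated as safe for it.
SAFE_EXT = {"text/plain": "txt", "application/pdf": "pdf", "image/png": "png"}
UNKNOWN_EXT = "bin"        # assumption: neutral extension for unlisted media types
FALLBACK_STEM = "download"  # assumption: substitute for unusable names
SPECIAL_NAMES = {"", ".", "..", "~"}
# Windows device names, reserved with or without an extension.
DEVICE_NAMES = {"CON", "PRN", "AUX", "NUL"} | {
    f"{p}{n}" for p in ("COM", "LPT") for n in range(1, 10)}


def sanitize_filename(suggested: str, media_type: str) -> str:
    """Map a server-suggested filename to one that is safe to save locally."""
    # Keep the last path segment only (assumption: "/" and "\" both separate).
    name = re.split(r"[/\\]", suggested)[-1]
    # Replace control and format characters (Unicode Cc/Cf, which includes
    # bidi overrides that reorder the displayed name) and the shell pipe.
    name = "".join(
        "_" if c == "|" or unicodedata.category(c) in ("Cc", "Cf") else c
        for c in name)
    # Strip leading/trailing whitespace, plus trailing dots.
    name = name.strip().rstrip(". ")
    stem, dot, _server_ext = name.rpartition(".")
    if not dot:  # no extension present at all
        stem = name
    stem = stem.strip()
    # Substitute names with special meaning: ".", "..", "~", device names.
    if stem in SPECIAL_NAMES or stem.split(".")[0].strip().upper() in DEVICE_NAMES:
        stem = FALLBACK_STEM
    # Never trust the server-provided extension: derive it from the media type.
    essence = media_type.split(";")[0].strip().lower()
    return f"{stem}.{SAFE_EXT.get(essence, UNKNOWN_EXT)}"
```

As the message notes for the last item, what counts as a special name depends on the operating system, so the two name sets are the part to adapt per platform.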
