So, going back to my original questions:
On 11/18/07 at 5:36 PM -0800, ned+ietf-822(_at_)mrochek(_dot_)com wrote:
[John Klensin wrote:]
--On Wednesday, 17 October, 2007 09:46 -0700 Pete Resnick
- Domain literals on the right hand side of addresses
This is the one that affects 2821bis. The control characters cannot
appear in either IPv4 address or IPv6 address domain literals. They
can, in principle, appear in General Address literal, but those
require standards track action, etc., and one could easily cut them
off there. In other words, they are permitted in principle, but
prohibited in practice and are going to stay that way. It is
therefore probably safe to let this go.
Agreed. The issue is really with 2822. 2821's rules for defining new
address literals offer sufficient protection IMO.
So you and John are saying that we should pull NO-WS-CTL out of dtext?
Should we allow control characters in quoted-pair inside domain-literal?
Should we allow quoted-pair at all in domain-literal?
(Remember that they all appear in the obsolete (i.e., must be able to
handle for interpretation) syntax.)
The first is easy. The latter two are trickier, with the second one
giving me severe heartburn.
- Quoted strings (which can be on the left hand size of addresses
as well as lots of other structured header fields)
The address part of this is a little more problematic than the case
above, but also easier, under the "you can screw only yourself by
putting one of those addresses up on your server" principle.
So John, you are saying that we should leave NO-WS-CTL in quoted-string?
- Comments (which can appear in lots of structured header fields
including address fields)
- Unstructured text (in fields and in the body)
The rest of this is, indeed, a 2822 problem.
Yep, that's where it really needs to be dealt with.
And the answer to whether or not we should leave NO-WS-CTL in these is....?
Pete Resnick <http://www.qualcomm.com/~presnick/>
Qualcomm Incorporated - Direct phone: (858)651-4478, Fax: (858)651-1102