--On Sunday, 18 November, 2007 22:48 -0600 Pete Resnick
<presnick(_at_)qualcomm(_dot_)com> wrote:
So, going back to my original questions:
On 11/18/07 at 5:36 PM -0800, ned+ietf-822(_at_)mrochek(_dot_)com wrote:
[John Klensin wrote:]
--On Wednesday, 17 October, 2007 09:46 -0700 Pete Resnick
<presnick(_at_)qualcomm(_dot_)com> wrote:
- Domain literals on the right hand side of addresses
This is the one that affects 2821bis. The control characters
cannot appear in either IPv4 address or IPv6 address domain
literals. They can, in principle, appear in General Address
literal, but those require standards track action, etc.,
and one could easily cut them off there. In other words,
they are permitted in principle, but prohibited in practice
and are going to stay that way. It is therefore probably
safe to let this go.
Agreed. The issue is really with 2822. 2821's rules for
defining new address literals offer sufficient protection
IMO.
So you and John are saying that we should pull NO-WS-CTL out
of dtext?
I would be happy seeing it moved some sort of obsolete status,
e.g., moved to "accept only" and then attach to a statement that
it is enough of a source of trouble that one should be really
cautious about that.
Should we allow control characters in quoted-pair inside
domain-literal?
I think not. Keep in mind that 2821bis (and 2821) prohibits
them in IPv4 and IPv6 address literals as well as in domain name
labels. So the only possible case involves General (i.e.,
post-IPv6) literals. No IESG in its collective right mind would
approve a syntax for those that included control characters so,
at least in the envelope or on the wire, this is a dead case.
Should we allow quoted-pair at all in domain-literal?
(Remember that they all appear in the obsolete (i.e., must be
able to handle for interpretation) syntax.)
The first is easy. The latter two are trickier, with the
second one giving me severe heartburn.
Indeed. I have trouble removing something that is even slightly
plausible from the list of what is already obsolete although I
could easily live with inserting a "MAY reject if this appears"
there. To the extent to which they are tolerated in 821/2821, I
imagine it is a legacy of NVT, where some of these controls were
mistakenly (IMO) permitted as the only way (at the time) to
manage even minimal formatting. I have no idea what they were
doing in 822 -- perhaps Dave remembers and can shed some light
on this.
- Quoted strings (which can be on the left hand size of
addresses as well as lots of other structured header
fields)
The address part of this is a little more problematic than
the case above, but also easier, under the "you can screw
only yourself by putting one of those addresses up on your
server" principle.
So John, you are saying that we should leave NO-WS-CTL in
quoted-string?
I really do not know. _Very_ mixed feelings. I'd be happy to
see them go, but am a little concerned about unintended
consequences. On the other hand, I would not lose any sleep
over keeping it because I don't mind helping stupid people enjoy
their stupidity.
- Comments (which can appear in lots of structured header
fields including address fields)
- Unstructured text (in fields and in the body)
The rest of this is, indeed, a 2822 problem.
Yep, that's where it really needs to be dealt with.
And the answer to whether or not we should leave NO-WS-CTL in
these is....?
I think you should at least have a really strong warning about
the difficulties invisible characters and characters whose
semantics may be interpreted different by the sender and
receiver can cause. I don't have a strong opinion about how
much beyond that it is sensible to go.
Sorry I'm unable to be more definitive this morning.
john