On Thu, 10 Jan 2019, valdis(_dot_)kletnieks(_at_)vt(_dot_)edu wrote:
I'd really rather the duct tape be applied to make external-body work
better.
Agreed. The last time I looked at this (admittedly quite some time ago), the
biggest missing parts were an RFC-standard way to denote an expiration time
("this URL good until <datestamp>")
Wouldn't that be the expiration= parameter? See RFC 1521, section 7.3.3.
and a secure way to pass an indication of what credentials are needed to
access the object.
That seems rather un-mail-ish. The usual model is that if I can read the
message, I can read anything in the message. If someone else can peek at
the message in transit or whatever, they can read whatever's in it. If
the message is supposed to be secret, encrypt it with S/MIME or PGP, or
maybe just encrypt the external-body part. To make the URL hard to guess,
make it long and pseudo-random, but most URLs from Drive, Dropbox, et al.
are anyway.
Regards,
John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp