[Top] [All Lists]

Re: [ietf-smtp] message/external-body

2019-01-10 16:10:08
On Thu, 10 Jan 2019, valdis(_dot_)kletnieks(_at_)vt(_dot_)edu wrote:
I'd really rather the duct tape be applied to make external-body work

Agreed.  The last time I looked at this (admittedly quite some time ago), the
biggest missing parts were an RFC-standard way to denote an expiration time
("this URL good until <datestamp>")

Wouldn't that be the expiration= parameter?  See RFC 1521, section 7.3.3.

and a secure way to pass an indication of what credentials are needed to access the object.

That seems rather un-mail-ish. The usual model is that if I can read the message, I can read anything in the message. If someone else can peek at the message in transit or whatever, they can read whatever's in it. If the message is supposed to be secret, encrypt it with S/MIME or PGP, or maybe just encrypt the external-body part. To make the URL hard to guess, make it long and pseudo-random, but most URLs from Drive, Dropbox, et al. are anyway.

John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.

ietf-smtp mailing list

<Prev in Thread] Current Thread [Next in Thread>