
Re: Last Call: draft-duerst-archived-at (The Archived-At Message Header Field) to Proposed Standard

2007-07-21 17:37:46
On Thu, Jul 12, 2007 at 10:03:00AM -0400,
 The IESG <iesg-secretary(_at_)ietf(_dot_)org> wrote 
 a message of 24 lines which said:

- 'The Archived-At Message Header Field '
   <draft-duerst-archived-at-07.txt> as a Proposed Standard

I've reviewed the document and I find it OK. I also regard the use
cases presented in section 3.3 as realistic and important so I support
the idea of such a standard.

Two remarks, only details:

1) Section 3.2 suggests, to avoid a DoS if the Message-ID is used to
construct the link, to "offer multiple choices in the response". This
does not really mitigate the DoS. An attacker could send 1000 messages
and the only legitimate one would be quite lost among the 1001
responses. It seems a general case of "you should not let the client
control the URI space if this client is unauthenticated".

2) Section 5.2 suggests registering the old experimental header
X-Archived-At. I am not sure it is compliant with RFC 3864 to register
private-use headers. I notice there is currently not one "X-something"
header in the IANA registry. Is this section really necessary?





  • Re: Last Call: draft-duerst-archived-at (The Archived-At Message Header Field) to Proposed Standard, Stephane Bortzmeyer <=
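
The first remark in the message above, worked through as an added example (not code from the draft or from the post): an archive that derives the link from the sender-supplied Message-ID, next to one that assigns the identifier itself. The archive URL, key, Message-ID and class names are constructed for illustration, and the assigned-identifier scheme is one possible design, not something the draft specifies.

```python
import hashlib
import hmac
from collections import defaultdict
from urllib.parse import quote

BASE = "https://archive.example/msg/"   # constructed archive URL, not from the draft
ARCHIVE_KEY = b"constructed-demo-key"    # placeholder secret held only by the archive


class MessageIdArchive:
    """URI derived from the sender-supplied Message-ID (client-controlled)."""

    def __init__(self):
        self.store = defaultdict(list)

    def ingest(self, message_id, body):
        uri = BASE + quote(message_id.strip("<>"), safe="")
        self.store[uri].append(body)
        return uri

    def resolve(self, uri):
        # More than one entry corresponds to a "multiple choices" response.
        return self.store[uri]


class AssignedIdArchive:
    """URI chosen by the archive; a sender cannot predict or collide with it."""

    def __init__(self):
        self.store = {}
        self.seq = 0

    def ingest(self, message_id, body):
        self.seq += 1
        tag = hmac.new(ARCHIVE_KEY, f"{self.seq}:{message_id}:{body}".encode(),
                       hashlib.sha256).hexdigest()[:16]
        uri = f"{BASE}{self.seq}-{tag}"
        self.store[uri] = body
        return uri

    def resolve(self, uri):
        return [self.store[uri]]


def simulate(archive, forged=1000):
    """Ingest one legitimate message plus `forged` copies reusing its Message-ID."""
    mid = "<legit-123@example.org>"      # constructed Message-ID
    legit_uri = archive.ingest(mid, "legitimate post")
    for i in range(forged):
        archive.ingest(mid, f"forged post {i}")
    return len(archive.resolve(legit_uri))
```

With the Message-ID-derived link, resolving the legitimate message's URI returns 1001 candidates; with the archive-assigned identifier it returns exactly one, because the unauthenticated sender no longer controls the URI space.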