Date: Wed, 4 Jan 1995 09:14:01 -0500
Message-Id: <ab30be4604021004ae48@[199.227.1.80]>
To: uri@bunyip.com
From: hoymand@gate.net (Dirk Herr-Hoyman)
Subject: Re: Predraft of a new URL scheme: mailmsg
At 12:57 PM 1/4/95, Marc VanHeyningen wrote:
>> Since URLs are hardly something which the casual user might have
>>
>> - an overriding interest in
>>
>> - an appreciation of the consequences of
>>
>> - comprehensive knowledge of
>>
>> I would politely suggest that this is a bad idea. For a more in depth
>> explanation of the inadvisability of this URL scheme please see:
>>
>> <mailmsg:president@whitehouse.gov//Death Threat/I'm gonna git you sucka>
>
What we are trying to address here (and I'm the person who earily proposed
a similar mailserver URL), is the ability to access resources that are ONLY
available via e-mail retrieval. If we are to have a URL for this, then the
example given above will certainly be possible.
I don't really want to create more ways to spoof e-mail, but I also would
like to see the functionality of URL extended to e-mail retrieval. It
looks to me that these 2 requirements are fundamentally in conflict here.
>This is, of course, a serious concern. As Larry pointed out, similar
>concerns also exist for the gopher: URL, since it can be used to spoof
>mail messages in less obvious ways.
>
And there are lot's of other ways to spoof e-mail, including many POP user
agents that let you set your own return address. E-mail, as it is
currently incarnated on the Internet, is inherently insecure.
I would like to see an e-mail retrieval URL, whill still being sensitive to
the security concerns. But, since e-mail is already inherently insecure,
my feeling is that the increased functionlity of such a URL is more
important then preventing yet another hole.
-- Dirk Herr-Hoyman <hoymand@gate.net> | I tried to contain myself CyberBeach Publishing | but * Internet publishing services | I got out Lake Worth, Florida, USA | Web: http://www.gate.net/cyberbeach.html Phone: +1.407.540.8309