Re: email address in a URI

Etan Wexler wrote:
 
> are you implying that the <NO-WS-CTL> characters are obsolete
> in e-mail addresses?

Not used in practice as far as I can judge it.  Funny escape
sequences causing all kinds of havoc with simple MUAs are a
bad idea, nobody needs or does this.

> Should RFC 2822 get a revision?

IMHO a 2822bis should move NO-WS-CTL to chapter 4 (obsolete).

> Does either answer affect what route the ?tag? scheme should
> take?

It depends on your priorities, if your priority is "any legal
address should be allowed" you need NO-WS-CTL plus the syntax
for this crap plus (maybe) security considerations.  If your
main priority is a readable text without tons of obscure rules
all you need is a statement that you excluded some ugly cases.

> Will software authors screw this up?

PURL is a case where I know that they decode URLs, %25 instead
of % does the trick (e.g. %2520 results in %20, i.e. a space).
  
> is it proper that the ?tag? scheme flatly ban the use of
> e-mail addresses with ?percent? signs?

Somewhere you draw the line, it's your decision.  Banning a %
only to avoid %25 sounds like a bad decision.

> a lousy programmer can make a security problem out of any
> situation.

True, but if you support encoded NO-WS-CTL you have no reasons
to exclude other syntactically valid addresses, so in that case
just support everything (minus CFWS, modulo obs-, i.e. isolated
CR or LF not included in NO-WS-CTL)

> to me, the question is about the probability of software
> authors screwing it up and about the scale of the screw-up.

"Take local part as is and encode" is simple.  If you start to
explain quoted-string, quoted-pair, and semantical content to
get a shorter and nicer '...'@example it's not so simple, YMMV.

                             Bye, Frank

Received on Tuesday, 12 July 2005 06:19:29 UTC