| 1 |
wakaba |
1.1 |
|
| 2 |
|
|
IETF URI Working Group |
| 3 |
|
|
Internet-Draft |
| 4 |
|
|
draft-ietf-uri-url-mailserver-01.txt |
| 5 |
|
|
Expires August 8, 1995 |
| 6 |
|
|
|
| 7 |
|
|
Mailserver URL Specification |
| 8 |
|
|
|
| 9 |
|
|
Status of This Memo |
| 10 |
|
|
|
| 11 |
|
|
This document is an Internet-Draft. Internet-Drafts are working |
| 12 |
|
|
documents of the Internet Engineering Task Force (IETF), its |
| 13 |
|
|
areas, and its working groups. Note that other groups may also |
| 14 |
|
|
distribute working documents as Internet-Drafts. |
| 15 |
|
|
|
| 16 |
|
|
Internet-Drafts are draft documents valid for a maximum of six |
| 17 |
|
|
months and may be updated, replaced, or obsoleted by other |
| 18 |
|
|
documents at any time. It is inappropriate to use Internet- |
| 19 |
|
|
Drafts as reference material or to cite them other than as |
| 20 |
|
|
``work in progress.'' |
| 21 |
|
|
|
| 22 |
|
|
To learn the current status of any Internet-Draft, please check |
| 23 |
|
|
the ``1id-abstracts.txt'' listing contained in the Internet- |
| 24 |
|
|
Drafts Shadow Directories on ftp.is.co.za (Africa), |
| 25 |
|
|
nic.nordu.net (Europe), munnari.oz.au (Pacific Rim), |
| 26 |
|
|
ds.internic.net (US East Coast), or ftp.isi.edu (US West Coast). |
| 27 |
|
|
|
| 28 |
|
|
Abstract |
| 29 |
|
|
|
| 30 |
|
|
A new URL scheme, "mailserver", is defined. It allows mail client |
| 31 |
|
|
software to create RFC822 mail messages from a URL. |
| 32 |
|
|
|
| 33 |
|
|
Description |
| 34 |
|
|
|
| 35 |
|
|
In the URL specification, RFC1738, the "mailto" scheme is defined and is |
| 36 |
|
|
described as: |
| 37 |
|
|
|
| 38 |
|
|
Unlike many URLs, the mailto scheme does not represent a data |
| 39 |
|
|
object to be accessed directly; there is no sense in which it |
| 40 |
|
|
designates an object. |
| 41 |
|
|
|
| 42 |
|
|
However, there are many resources on the Internet that can only be |
| 43 |
|
|
accessed by mail that cannot be described by the mailto scheme. To |
| 44 |
|
|
access such an object, the mail message must have a specified subject |
| 45 |
|
|
and/or content. For instance, many mail response servers will return a |
| 46 |
|
|
file if you send a mail message with the proper request. |
| 47 |
|
|
|
| 48 |
|
|
The "mailserver" URL has the form: |
| 49 |
|
|
|
| 50 |
|
|
mailserver:<rfc822-addr-spec>/<subject>/<body> |
| 51 |
|
|
|
| 52 |
|
|
Client software would prepare a mail message with the given <subject> |
| 53 |
|
|
text as the subject header field and the <body> text as the body of the |
| 54 |
|
|
message. <subject> and <body> may have zero length. |
| 55 |
|
|
|
| 56 |
|
|
Thus, the "mailto" scheme will be used to give the mailing address of a |
| 57 |
|
|
person or of a mailserver that requires no subject or message body; the |
| 58 |
|
|
"mailserver" scheme is used to give a template that will cause the |
| 59 |
|
|
specified resource to be returned. |
| 60 |
|
|
|
| 61 |
|
|
The body text may span more than one line. Any "/" character in the body |
| 62 |
|
|
should be interpreted by the mail client as a CRLF sequence when |
| 63 |
|
|
translating a URL to a mail message. |
| 64 |
|
|
|
| 65 |
|
|
Examples |
| 66 |
|
|
|
| 67 |
|
|
A URL for a mail response system that requires the name of the file in |
| 68 |
|
|
the subject might be: |
| 69 |
|
|
|
| 70 |
|
|
<mailserver:infobot@kwf.com/current-issue/> |
| 71 |
|
|
|
| 72 |
|
|
A mail response system that requires a "send" request in the body might |
| 73 |
|
|
have a URL that looks like: |
| 74 |
|
|
|
| 75 |
|
|
<mailserver:infobot@kwf.com//send%20current-issue> |
| 76 |
|
|
|
| 77 |
|
|
A similar URL could have two lines with different "send" requests: |
| 78 |
|
|
|
| 79 |
|
|
<mailserver:infobot@kwf.com//send%20current-issue/send%20index> |
| 80 |
|
|
|
| 81 |
|
|
The "mailserver" scheme would also help people get another type of |
| 82 |
|
|
Internet resource, namely mailing lists. For example: |
| 83 |
|
|
|
| 84 |
|
|
<mailserver:majordomo@kwf.com//subscribe%20bamboo-l> |
| 85 |
|
|
|
| 86 |
|
|
Encoding |
| 87 |
|
|
|
| 88 |
|
|
RFC1738 requires that many characters in URLs be encoded. This affects |
| 89 |
|
|
the mailserver scheme for some common characters that might appear in |
| 90 |
|
|
subjects or message contents. Two such characters are space (" ", ASCII |
| 91 |
|
|
hex 20) and forward slash ("/", ASCII hex 2F). Note the examples |
| 92 |
|
|
above that use "%20" for space in the message body. Note further that an |
| 93 |
|
|
unencoded forward slash in the body area is to be translated by the mail |
| 94 |
|
|
client to CRLF. |
| 95 |
|
|
|
| 96 |
|
|
People creating mailserver URLs must be careful to encode any reserved |
| 97 |
|
|
characters that are used in the URLs so that properly-written URL |
| 98 |
|
|
interpreters can read them. Also, client software that reads URLs must |
| 99 |
|
|
be careful to decode strings before creating the mail message so that |
| 100 |
|
|
the mail messages appear in a form that the recipient will understand. |
| 101 |
|
|
These strings should be decoded before showing the user the mesage. |
| 102 |
|
|
|
| 103 |
|
|
For security reasons, the characters 0A hexadecimal (US-ASCII character |
| 104 |
|
|
LF), and 0D (US-ASCII character CR) must not be decoded by client |
| 105 |
|
|
software. To indicate new lines in the body text, a URL should use the |
| 106 |
|
|
forward slash ("/") character, which client software will translate to |
| 107 |
|
|
CRLF. |
| 108 |
|
|
|
| 109 |
|
|
Additional BNF for RFC1738 |
| 110 |
|
|
|
| 111 |
|
|
mailserverurl = "mailserver:" encoded822addr "/" subject "/" body |
| 112 |
|
|
subject = *[uchar] |
| 113 |
|
|
body = [body_line] *["/" body_line] |
| 114 |
|
|
body_line = *[uchar] |
| 115 |
|
|
|
| 116 |
|
|
Security |
| 117 |
|
|
|
| 118 |
|
|
The mailserver scheme is intended to send a message from one user to |
| 119 |
|
|
another, and thus can introduce many security concerns. Mail messages |
| 120 |
|
|
can be logged at the originating site, the recipient site, and |
| 121 |
|
|
intermediary sites along the delivery path. If the messages are not |
| 122 |
|
|
encoded, they can also be read at any of those sites. |
| 123 |
|
|
|
| 124 |
|
|
A mailserver URL gives a template for a message that can be sent by mail |
| 125 |
|
|
client software. The contents of that template may be opaque or |
| 126 |
|
|
difficult to read by the user at the time of specifying the URL. Thus, a |
| 127 |
|
|
mail client should never send a message based on a mailserver URL |
| 128 |
|
|
without first showing the user the full message that will be sent |
| 129 |
|
|
(including all headers, including the subject specified in the URL), fully |
| 130 |
|
|
decoded, and asking the user for approval to send the message. |
| 131 |
|
|
|
| 132 |
|
|
Client software must not decode the characters 0A hexadecimal |
| 133 |
|
|
(US-ASCII character LF), and 0D (US-ASCII character CR). In the subject |
| 134 |
|
|
field, such decoding would permit header spoofing; there is no need for |
| 135 |
|
|
these characters in the body field because of the use of the "/" |
| 136 |
|
|
character. |
| 137 |
|
|
|
| 138 |
|
|
Examples of problems with sending unapproved mail include: |
| 139 |
|
|
- mail that breaks laws upon delivery, such as making illegal threats |
| 140 |
|
|
- mail that identifies the sender as someone interested in breaking laws |
| 141 |
|
|
- mail that identifies the sender to an unwanted third party |
| 142 |
|
|
- mail that causes a financial charge to be incurred on the sender |
| 143 |
|
|
- mail that causes an action on the recipient machine that causes damage |
| 144 |
|
|
that might be attributed to the sender |
| 145 |
|
|
|
| 146 |
|
|
Author contact information: |
| 147 |
|
|
|
| 148 |
|
|
Paul E. Hoffman |
| 149 |
|
|
Proper Publishing |
| 150 |
|
|
127 Segre Place |
| 151 |
|
|
Santa Cruz, CA 95060 USA |
| 152 |
|
|
Tel: 408-426-6222 |
| 153 |
|
|
phoffman@proper.com |
| 154 |
|
|
|
| 155 |
|
|
|
Parent Directory
| 
Revision Log