On Thu, Jul 12, 2007 at 10:03:00AM -0400,
 The IESG <iesg-secretary@xxxxxxxx> wrote
 a message of 24 lines which said:

> - 'The Archived-At Message Header Field '
>    <draft-duerst-archived-at-07.txt> as a Proposed Standard

I've reviewed the document and I find it OK. I also regard the use
cases presented in section 3.3 as realistic and important so I support
the idea of such a standard.

Two remarks, only details:

1) Section 3.2 suggests, to avoid a DoS if the Message-ID is used to
construct the link, to "offer multiple choices in the response". This
does not really mitigate the DoS. An attacker could send 1000 messages
and the only legitimate one would be quite lost among the 1001
responses. It seems a general case of "you should not let the client
control the URI space if this client is unauthenticated".

2) Section 5.2 suggests to register the old experimental header
X-Archived-At. I am not sure it is compliant with RFC 3864 to register
private-use headers. I notice there is currently not one "X-something"
header in the IANA registry. Is this section really necessary?
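
Remark 1 above, as an added example that is not part of the original message or of the draft: it compares an archive whose link is built from the sender-supplied Message-ID and answers with "multiple choices" against one that assigns its own identifier. Both archive classes, the example.org/example.net addresses and the URI layouts are hypothetical and constructed for illustration.

```python
import secrets
from urllib.parse import quote, unquote

class MessageIdArchive:
    """Hypothetical archive: link is derived from the sender-chosen Message-ID."""
    def __init__(self, base):
        self.base, self.by_mid = base, {}

    def store(self, message_id, sender, body):
        self.by_mid.setdefault(message_id, []).append((sender, body))
        return self.base + "?mid=" + quote(message_id, safe="")

    def resolve(self, uri):
        # "Multiple choices": every message sharing the Message-ID is returned.
        return self.by_mid.get(unquote(uri.split("?mid=", 1)[1]), [])

class AssignedIdArchive:
    """Hypothetical archive: link uses an identifier the archive itself assigns."""
    def __init__(self, base):
        self.base, self.by_id = base, {}

    def store(self, message_id, sender, body):
        archive_id = secrets.token_urlsafe(16)   # not influenced by the sender
        self.by_id[archive_id] = (sender, body)
        return self.base + archive_id

    def resolve(self, uri):
        entry = self.by_id.get(uri[len(self.base):])
        return [entry] if entry else []

def candidates_for_legitimate_link(n_colliding):
    """Return how many messages each archive offers for the legitimate link."""
    mid = "<constructed-id@example.org>"         # constructed sample Message-ID
    results = []
    for archive in (MessageIdArchive("https://archive.example/msg"),
                    AssignedIdArchive("https://archive.example/msg/")):
        for i in range(n_colliding):             # other senders reuse the same ID
            archive.store(mid, f"other{i}@example.net", "unrelated text")
        link = archive.store(mid, "author@example.org", "the real message")
        results.append(len(archive.resolve(link)))
    return tuple(results)

if __name__ == "__main__":
    # (choices offered with Message-ID links, choices with archive-assigned links)
    print(candidates_for_legitimate_link(1000))
```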