On Jul 12, 2019, at 3:31 AM, Joe Touch < touch@xxxxxxxxxxxxxx> wrote: My issue with the errata is that it presumes that URLs in RFCs ever need to be updated or corrected. They do not and should not. Search engines are more than sufficient to address the issue of URL ephemerality - which, FWIW, happens as much (if not more) at large public sites (such as ietf.org and Isi.edu) as privately run sites (such as mine at strayalpha.com).
This isn’t entirely true: a dangling pointer in an RFC actually becomes an attack surface if it’s important enough to search for the missing thing it once pointed to. Now I can publish an alternative piece of software that you can download that not only converts word documents to RFCs, but also sends me your personal information, etc.
Microsoft disabled macros by default since Office 2016, so this won’t happen unless the user explicitly disables that protection (it’s a pop up on each Word doc with macros). I never mention macros in the RFC, so that’s not advisable.
But there are many RFCs with dangling pointers. Every RFC that pointed to ftp.isi.edu, for example. And as I noted, the IETF tools site URL has changed - in fact, it even has a dangling pointer ON ITS OWN page (to http://www.ietf.org/tools, which is even more insecure)..
The real problem here is that the RFC ever pointed to a reference link that wasn’t on an IETF web site. The only time that I think this makes sense is as an informative reference.
That’s what this was, essentially.
Of course, in this case in theory they are just Word templates, but can’t those contain Visual Basic?
Yes, but see above about that being disabled by default when opening new docs unless the user overrides them.
Joe |
