Full Disclosure mailing list archives

RE: Interesting side effect of the new IE patch


From: "Rainer Gerhards" <rgerhards () hq adiscon com>
Date: Fri, 6 Feb 2004 15:57:03 +0100

From: Stefan Esser [mailto:s.esser () e-matters de] 
> I wonder why so many people are just blind with hatred when the topic is
> Microsoft.

The topic is NOT Microsoft. It is the violation of a standard with big
security implications. If we just for a short moment could turn our view
over to all those systems that process and log the url? It's "nice" to
see all those userids and passwords in proxy logs, for example.

I agree that RFCs need to be developed. Actually they are. If you don't
like what you see, I invite you to search for the relevant list at
www.ietf.org and throw in your thoughts. If they are carefully crafted
and fairly weighted, you will find them back in an RFC ;)

I think, however, that the current trend in protocol design is not to
loosen security but to tighten it...

> It is not a secret that I dislike Microsoft, but I am not
> blind with hatred like you obviously are. All standard browsers support
> the http://username:password@... . THIS makes it a standard, no matter
> what the bloody RFC writes. The majority of people liked adding
> username:password to the URL, so it was implemented into all browsers
> and became a standard. That the RFC was not updated is not the fault
> of Microsoft.

Actually, it was. IETF works like this: join the mailing list, make
yourself heard. If nobody accepts your changes, your argument was
obviously bad. Microsoft knows this, they have worked on more than a
single RFC. So, sorry, this actually is Microsoft's fault...

> If the community had not accepted this as standard it
> would not be in other browsers (like mozilla), too.

That's actually a good point.... but as it looks, only Mozilla does
this. May it be that they simply tried to follow Microsoft in a
desperate attempt to not lose market share. Actually I have no idea.
Honestly, I don't care. But I am glad we are seeing a trend back towards
standards. 

The Internet has become a dangerous world, so I think it is not
necessary to throw in an extra set of non-standards compliant,
deliberate, insecurity...

Rainer
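
The proxy-log exposure mentioned in the message above, as an added example that is not part of the original post: a Python filter that redacts the userinfo part of URLs before log lines are stored. The log layout, host names and credentials in the sample are constructed, and the function names are hypothetical.

```python
import re

# The authority ends at the first '/', '?' or '#'. Userinfo is everything in
# the authority before its last '@'; the greedy match finds that last '@'.
USERINFO_RE = re.compile(
    r"""\b((?:https?|ftp)://)([^/?#\s"'<>]*)@""", re.IGNORECASE
)

def redact_line(line):
    """Return (redacted_line, findings).

    findings holds one (scheme, has_password) tuple per URL that carried
    userinfo. An '@' in the path or query is not part of the authority and
    is left untouched.
    """
    findings = []

    def _sub(match):
        scheme = match.group(1)[:-3].lower()      # drop the trailing '://'
        findings.append((scheme, ":" in match.group(2)))
        return match.group(1) + "REDACTED@"

    return USERINFO_RE.sub(_sub, line), findings

def scrub(lines):
    """Redact every line; return (clean_lines, number_of_urls_redacted)."""
    clean_lines, hits = [], 0
    for line in lines:
        clean, findings = redact_line(line)
        clean_lines.append(clean)
        hits += len(findings)
    return clean_lines, hits

# Constructed sample lines in a generic proxy access-log layout.
SAMPLE_LOG = [
    "1076079423.101 10.0.0.5 TCP_MISS/200 GET "
    "http://alice:s3cret@intranet.example/report - text/html",
    "1076079424.220 10.0.0.6 TCP_HIT/200 GET "
    "http://www.example.com/contact?mail=bob@example.org - text/html",
    "1076079425.007 10.0.0.7 TCP_MISS/200 GET "
    "ftp://anonymous@ftp.example.net/pub/ - text/plain",
]

if __name__ == "__main__":
    cleaned, count = scrub(SAMPLE_LOG)
    print("\n".join(cleaned))
    print("URLs with userinfo redacted:", count)
```
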
