Full Disclosure mailing list archives
RE: Interesting side effect of the new IE patch
From: "Rainer Gerhards" <rgerhards () hq adiscon com>
Date: Fri, 6 Feb 2004 15:57:03 +0100
From: Stefan Esser [mailto:s.esser () e-matters de]

> I wonder why so many people are just blind with hatred when the topic is Microsoft.

The topic is NOT Microsoft. It is the violation of a standard with big security implications. If we just for a short moment could turn our view over to all those systems that process and log the URL? It's "nice" to see all those userids and passwords in proxy logs, for example.

I agree that RFCs need to be developed. Actually they are. If you don't like what you see, I invite you to search for the relevant list at www.ietf.org and throw in your thoughts. If they are carefully crafted and fairly weighted, you will find them back in an RFC ;) I think, however, that the current trend in protocol design is not to loosen security but to tighten it...

> It is not a secret that I dislike Microsoft, but I am not blind with hatred like you obviously are. All standard browsers support the http://username:password@... . THIS makes it a standard, no matter what the bloody RFC writes. The majority of people liked adding username:password to the URL, so it was implemented into all browsers and became a standard. That the RFC was not updated is not the fault of Microsoft.

Actually, it was. IETF works like this: join the mailing list, make yourself heard. If nobody accepts your changes, your argument was obviously bad. Microsoft knows this, they have worked on more than a single RFC. So, sorry, this actually is Microsoft's fault...

> If the community had not accepted this as standard it would not be in other browsers (like Mozilla), too.

That's actually a good point.... but as it looks, only Mozilla does this. May it be that they simply tried to follow Microsoft in a desperate attempt to not lose market share? Actually I have no idea. Honestly, I don't care. But I am glad we are seeing a trend back towards standards. The Internet has become a dangerous world, so I think it is not necessary to throw in an extra set of non-standards compliant, deliberate, insecurity...

Rainer

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html