Security & draft-ietf-html-fileupload-01.txt

Richard L. Harris (rharris@espresso.rt.cs.boeing.com)
Thu, 15 Dec 94 15:51:52 EST

html-wg, E.Nebel, L. Masinter

In regards to the following ID:
> Subject: I-D ACTION:draft-ietf-html-fileupload-01.txt
> Date: Wed, 14 Dec 94 10:42:55 -0500

with emphasis on the following functionality description;
> this draft proposes an extension to HTML to allow information providers to
> express file upload requests uniformly, and a MIME compatible
> representation for file upload responses.

I would suggest that for completeness security be given much more
specific mention in the draft. Most specificaly that a security
considerations section be created and inserted at the end of the
draft. A summarization of the security features included is needed.
Also needed is a discussion of the implications of potential security
functionalities not included or supported and an enumeration of
security requirements expected to be handled by the underlying
infrastructures (ie. http, mime, wais, mosaic, firewalls, DBs and OSs
for example.)

Rich Harris rharris@atc.boeing.com 206-865-4922
Boeing Computer Services
===== The views expressed are mine and not necessarily those of Boeing.====