Subject: Re: [security-services-comment] clarification needed on use of data: URI in MDUI metadata?
On 29 Jan 2013, at 15:07, Tom Scavo <firstname.lastname@example.org> wrote: > On Tue, Jan 29, 2013 at 10:01 AM, Ian Young <email@example.com> wrote: >> >> If we do think that "data:" is an intended possibility, it is also probably worth highlighting that case as something that consumers of this metadata might need to handle. > > I'm pretty sure this was in fact specified in *some* version of the spec. I think the only version that matters is the published one, which I quoted from. It also has the following at line 244 in the "Security" section: > Schemes other than “https”, “http”, or “data” SHOULD NOT be used. This again supports the idea that it wasn't the intention to exclude "data:", but the earlier parts are still contradictory. -- Ian
Description: S/MIME cryptographic signature