[1108] in bugtraq
Re: A (possibly) better way to get input integrity
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Sun Feb 26 14:27:56 1995
To: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>
Cc: bugtraq@fc.net
In-Reply-To: Your message of "Sun, 26 Feb 1995 08:07:51 EST."
<199502261307.IAA13541@Collatz.McRCIM.McGill.EDU>
Reply-To: perry@imsi.com
Date: Sun, 26 Feb 1995 13:12:53 -0500
From: "Perry E. Metzger" <perry@imsi.com>
der Mouse says:
> > Since when do we have email addresses with `|;{(*&'?, return and
> > newline in them? For that matter, why should we allow for inputs
> > with 8-bit bytes, ^D, ^Z, or other control, meta, or escape
> > characters. These are not legitimate email address components and
> > should not be permitted for this purpose.
>
> I disagree about some of those. High-half characters (128-255), which
> is presumably what you mean by "8-bit bytes", are necessary if you are
> to be taken seriously outside the USA.
RFC 822 doesn't permit these characters in addresses (or elsewhere in
the text.) The MIME standards define clean ways to embed eight (and
more!) bit character sets into mail headers, so this isn't really a
problem. I suggest that conservatism in this is quite reasonable.
Perry
