James M Snell wrote:
Not a proofreading issue, but shouldn't section 5 say something about
DOS attacks using replies links to third party servers? I wouldn't be
surprised if some clients automatically subscribed to all replies links
in a feed even if they were 100MB zip files on a completely different site.

Hmm.. this problem would apply generally to all types of Atom link,
wouldn't it? In any case, it likely would be good to at least mention
that implementations should take care when using the replies link to
automatically subscribe to feeds.

I don't think it necessarily applies to all links, just those that are likely to be followed automatically. I'm fairly sure I've seen aggregators that have an option for automatically subscribing to wfw:commentRss links so I'm assuming they're likely to do the same for this extension. Enclosures are another link type where I would consider this an issue.

I didn't see anything mentioned in the security section of RFC4287 though, so maybe it's not such a big deal. Mark's feed history draft covers it, but it could be argued that the feed history links probably SHOULD be followed, whereas enclosure and replies links only MAY be followed.

Anyway, I'm not really sure it's essential. I just thought I should mention it in case it's the kind of thing that causes problems for you when submitting to the IETF.

Regards
James
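
An added example, not part of the original message or of any draft it discusses: one way an aggregator could decide whether a `replies` or `enclosure` link may be followed without asking the user. The policy (same origin as the feed, Atom media type for `replies`, a declared-length cap), the function names and the sample feed are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET   # for untrusted feeds, a hardened parser such as defusedxml is preferable
from urllib.parse import urljoin, urlsplit

ATOM = "{http://www.w3.org/2005/Atom}"
AUTO_RELS = {"replies", "enclosure"}   # link types a client might fetch unprompted
FEED_TYPES = {"application/atom+xml"}  # only type accepted for auto-subscription
MAX_DECLARED_BYTES = 1_000_000         # assumed policy cap, not taken from any spec

def origin(url):
    """Scheme, host and port of a URL, used for a strict same-origin comparison."""
    p = urlsplit(url)
    return (p.scheme.lower(), (p.hostname or "").lower(), p.port)

def auto_follow_decisions(feed_url, feed_xml):
    """Return [(rel, absolute_href, allowed, reason)] for every link in AUTO_RELS."""
    out = []
    for link in ET.fromstring(feed_xml).iter(ATOM + "link"):
        rel = link.get("rel", "alternate")
        if rel not in AUTO_RELS:
            continue
        href = urljoin(feed_url, link.get("href", ""))
        mtype = link.get("type", "").split(";")[0].strip().lower()
        length = link.get("length", "")
        if origin(href) != origin(feed_url):
            verdict = (False, "different origin: ask the user first")
        elif rel == "replies" and mtype not in FEED_TYPES:
            verdict = (False, "replies link is not declared as an Atom feed")
        elif length.isdigit() and int(length) > MAX_DECLARED_BYTES:
            verdict = (False, "declared length exceeds cap")
        else:
            # The length attribute is only a hint: cap the bytes read on download too.
            verdict = (True, "same origin, acceptable type and declared size")
        out.append((rel, href, *verdict))
    return out

# Constructed sample input (hypothetical hosts and paths).
SAMPLE_FEED_URL = "https://blog.example/feed.atom"
SAMPLE_FEED = """<feed xmlns="http://www.w3.org/2005/Atom"><entry>
  <link rel="alternate" href="/post/1"/>
  <link rel="replies" type="application/atom+xml" href="/post/1/comments.atom"/>
  <link rel="replies" type="application/zip" length="104857600"
        href="https://files.example.net/big.zip"/>
  <link rel="enclosure" type="audio/mpeg" length="52428800" href="/media/ep1.mp3"/>
</entry></feed>"""

if __name__ == "__main__":
    for row in auto_follow_decisions(SAMPLE_FEED_URL, SAMPLE_FEED):
        print(row)
```
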
