Works for me. I couldn't think of a better way to describe the concern than what Mark included in his draft so I simply copied it verbatim.
Mark N: I hope you don't mind. :-)

- James

James Holderness wrote:
>
> James M Snell wrote:
>>> Not a proofreading issue, but shouldn't section 5 say something about
>>> DOS attacks using replies links to third party servers? I wouldn't be
>>> surprised if some clients automatically subscribed to all replies links
>>> in a feed even if they were 100MB zip files on a completely different
>>> site.
>>
>> Hmm.. this problem would apply generally to all types of Atom link
>> wouldn't it? In any case, it likely would be good to at least mention
>> that implementations should take care when using the replies link to
>> automatically subscribe to feeds.
>
> I don't think it necessarily applies to all links, just those that are
> likely to be followed automatically. I'm fairly sure I've seen
> aggregators that have an option for automatically subscribing to
> wfw:commentRss links so I'm assuming they're likely to do the same for
> this extension. Enclosures are another link type where I would consider
> this an issue.
>
> I didn't see anything mentioned in the security section of RFC4287
> though, so maybe it's not such a big deal. Mark's feed history draft
> covers it, but it could be argued that the feed history links probably
> SHOULD be followed, whereas enclosure and replies links only MAY be
> followed.
>
> Anyway I'm not really sure it's essential. I just thought I should
> mention it in case it's the kind of thing that causes problems for you
> when submitting to the IETF.
>
> Regards
> James
>
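
The concern discussed in this thread, shown from the client side as an added example that is not part of the original messages or of any draft: an aggregator decides which replies links it may subscribe to automatically. The same-origin rule, the 1 MB cap, the default media type, the `classify_replies_links` name and the sample feed are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted feeds, prefer a hardened parser such as defusedxml
from urllib.parse import urljoin, urlsplit

ATOM = "{http://www.w3.org/2005/Atom}"
MAX_BYTES = 1_000_000  # assumed cap; enforce it again while reading the response body

# Constructed sample feed, not taken from any real site.
SAMPLE = """<feed xmlns="http://www.w3.org/2005/Atom">
  <entry>
    <link rel="replies" type="application/atom+xml" href="/comments/1.atom"/>
    <link rel="replies" type="application/zip" href="http://other.example/big.zip" length="104857600"/>
    <link rel="replies" type="application/atom+xml" href="http://other.example/c.atom"/>
    <link rel="replies" href="/comments/2.atom" length="5000000"/>
    <link rel="alternate" href="/post/1"/>
  </entry>
</feed>"""

def origin(url):
    """Scheme, host and port, used to tell the feed's own server from a third party."""
    p = urlsplit(url)
    return (p.scheme.lower(), (p.hostname or "").lower(), p.port)

def classify_replies_links(feed_xml, feed_url):
    """Return (absolute_href, auto_follow, reason) for each replies link in the feed."""
    results = []
    for link in ET.fromstring(feed_xml).iter(ATOM + "link"):
        if link.get("rel") != "replies":
            continue
        href = urljoin(feed_url, link.get("href", ""))
        # Assumption: a replies link with no type attribute is treated as an Atom feed.
        media = link.get("type", "application/atom+xml").split(";")[0].strip().lower()
        length = link.get("length", "")
        if urlsplit(href).scheme not in ("http", "https"):
            verdict = (False, "unsupported scheme")
        elif origin(href) != origin(feed_url):
            verdict = (False, "third-party server")  # leave to an explicit user action
        elif media != "application/atom+xml":
            verdict = (False, "not an Atom feed")
        elif length.isdigit() and int(length) > MAX_BYTES:
            verdict = (False, "declared length over cap")  # length is only advisory
        else:
            verdict = (True, "ok")
        results.append((href, *verdict))
    return results
```

Links that are not auto-followed can still be offered to the user; the declared `length` is supplied by the publisher, so the fetcher needs its own byte limit as well.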