Greetings,

I've noticed that a "bug" has re-appeared in Firefox:
https://bugzilla.mozilla.org/show_bug.cgi?id=700999

In older versions of Firefox (e.g. 3.6.23) it is possible to enter URIs of
the form http://[fe80::206:98ff:fe00:232%tap0] in the
location bar and get a positive result.  This capability is quite handy in
simple testing scenarios and obviously requires the client and server
to be on a common link (so I don't necessarily see how it creates a
security risk.)

According to a note attached to the bug, the regression occurred as a
result of fixing a security bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=504014
I don't seem to have access to that bug, so I don't know the complete
rationale.  However, the note on 700999 says the title is "Enforce RFC
3986 syntax for IPv6 literals".  It goes on to say that RFC 3986
"disallows" interface specifiers (a.k.a. zone indices:
http://en.wikipedia.org/wiki/IPv6_address#Link-local_addresses_and_zone_indices
).

I don't see how a link-local address can be used in this context w/o
using a zone index.  Granted, RFC 3986 doesn't cover this case but
it also doesn't prohibit it.  This leads me to suspect it was an oversight,
so I'm wondering if RFC 3986 needs to be updated to cover link-local
IPv6 literals?  If so, is there a reference that could be used to
derive the necessary ABNF?

Thanks, -K-
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
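
The RFC 3986 question raised in the message above, as an added example (not part of the original post and not Firefox's code): a Python check built from the `IPv6address` ABNF in RFC 3986 section 3.2.2, showing that the bracketed literal from the message fails that grammar only because of its `%tap0` suffix. The function name, result labels and sample URIs other than the one quoted in the message are assumptions made for illustration.

```python
import re

# Building blocks from the RFC 3986 ABNF (section 3.2.2).
H16 = r"[0-9A-Fa-f]{1,4}"
DEC = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)"
IPV4 = rf"{DEC}(?:\.{DEC}){{3}}"
LS32 = rf"(?:{H16}:{H16}|{IPV4})"

def _compressed(max_lead, tail):
    """ABNF alternative: [ *max_lead( h16 ":" ) h16 ] "::" tail"""
    return rf"(?:(?:{H16}:){{0,{max_lead}}}{H16})?::{tail}"

# The nine alternatives of the IPv6address rule, in RFC order.
_ALTS = [rf"(?:{H16}:){{6}}{LS32}", rf"::(?:{H16}:){{5}}{LS32}"]
_ALTS += [_compressed(n, rf"(?:{H16}:){{{4 - n}}}{LS32}") for n in range(5)]
_ALTS += [_compressed(5, H16), _compressed(6, "")]
IPV6_RE = re.compile("|".join(f"(?:{a})" for a in _ALTS))

# Bracketed host of a hierarchical URI, after optional userinfo.
_LITERAL_RE = re.compile(
    r"[A-Za-z][A-Za-z0-9+.\-]*://(?:[^/?#@\[\]]*@)?\[([^\]/?#]*)\]")

def classify_ip_literal(uri):
    """Hypothetical helper: label the bracketed host of `uri`."""
    m = _LITERAL_RE.match(uri)
    if not m:
        return "no-ip-literal"
    literal = m.group(1)
    if IPV6_RE.fullmatch(literal):
        return "rfc3986-ipv6"          # matches the RFC 3986 grammar as-is
    addr, sep, zone = literal.partition("%")
    if sep and zone and IPV6_RE.fullmatch(addr):
        return "zone-index"            # valid address plus a %zone suffix
    # Everything else; IPvFuture literals are out of scope and also land here.
    return "malformed"

# First entry is the URI quoted in the message; the rest are constructed.
SAMPLES = [
    "http://[fe80::206:98ff:fe00:232%tap0]",
    "http://[fe80::206:98ff:fe00:232]/",
    "http://[::ffff:192.0.2.1]:8080/",
    "http://[fe80::1::2]/",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(f"{classify_ip_literal(uri):14} {uri}")
```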
