-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Loren Wilton writes: > I believe that is correct, yes. And that's as far as we go in 3.0 > (if I replace the = with =3D): > > http://penistone=2eopoloveok=2ecom/3/ > > This bothers me. As best I recall reading the discussions, it turned out > that a number of clients would recursively resolve qp until it couldn't be > done anymore, then use the result. Perhaps though I'm misremembering and it > was only browsers that would do this and not MUAs. You could be misremembering, and thinking of browsers decoding %-escapes. We did find that redirectors often would in turn decode %-escapes, so spammers were using URLs like this: http://redir1.com/r?url=http://redir2.com/r?url=http://target.biz where 'http://target.biz' had been %-encoded, then 'http://redir2.com/r?url=[encoded]' was in turn encoded, resulting in the 'http://target.biz' part being *double*-encoded. if I recall correctly double QP-encoding wasn't an issue though. - --j. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Exmh CVS iD8DBQFA//IvQTcbUG5Y7woRAmrRAJ9ByU2f2zrZ7W6BfoxUx6P0edw90wCePbLh 97/K6v2b2u6q8mk1LdBuaDQ= =+y6X -----END PGP SIGNATURE-----
