W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1997

Re: confidentiality and the referer field

From: Hallam-Baker <hallam@ai.mit.edu>
Date: Thu, 26 Jun 1997 16:56:13 -0400 (EDT)
Message-Id: <199706262056.QAA07248@muesli.ai.mit.edu>
To: Matthew Rubenstein <ruby@name.net>
Cc: hallam@ai.mit.edu, Ross_Patterson@ns.reston.vmd.sterling.com, http-wg@cuckoo.hpl.hp.com
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/3579

> 	The lack of a REFERER value there is effectively a spec omission that
> effects an overload of a null REFERER to indicate several conditions,
> including key entry, "bookmarks" and client bug.

When I originally wrote that spec bookmarks did not exist... People used to
compile a personal home page with relevant info on it.

Really the bug is that we never specified a URL space for client use.

> 	One client's frivolous reason is another server's special case. It's _my_
> server, why can't I restrict access based on what enabled the request?

Sure you can restrict it, the question is whether its practical. The point
is that there would be an effect on these people that should be signalled.

I don't think that supporting these peoples restrictions is a sufficient
reason not to make the change...

Someone suggested using UA hints... I'm not sure that this would be a good
choice. "Hints" imply that they can at best ensure SHOULD compliance and
not a MUST. While the restriction could not be introduced as a MUST a
future protocol revision might make it one.

Received on Thursday, 26 June 1997 13:58:06 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:20 UTC