Hi there, I cannot decide if the following is a MUST-level requirement (i.e., its violation prevents RFC 2616 compliance, even conditional): 13.10 Invalidation After Updates or Deletions ... In order to prevent denial of service attacks, an invalidation based on the URI in a Location or Content-Location header MUST only be performed if the host part is the same as in the Request-URI. Suppose the host part is not the same as in the Request-URI. Let's also assume that the device did perform an invalidation, subjecting itself to a potential DoS attack. Did the device violate a MUST-level requirement? The answer seems to depend on how you bind "only": [ ] Yes, this is a MUST-level violation because foo MUST only blah if bar implies if not bar, foo MUST NOT blah [ ] No, this is not a MUST-level violation because foo MUST only blah if bar implies just that if bar, foo MUST blah and requires nothing when bar is false ("if not bar") I suspect that the intended interpretation is "yes, this is a MUST violation". Can anybody confirm? Is there really a problem with the wording, or am I imagining an ambiguity? Thank you, Alex.Received on Monday, 17 June 2002 11:56:32 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:22:10 GMT