
Re: security requirements (was: Updating RFC 2617 (HTTP Digest) to use UTF-8)

From: Ingo Struck <lists@ingostruck.de>
Date: Thu, 19 Oct 2006 22:30:50 +0000
To: Wilfredo Sánchez Vega <wsanchez@wsanchez.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <200610192230.52520.lists@ingostruck.de>

Wilfredo,

On Thursday 19 October 2006 00:08, you wrote:
> It certainly won't be enabled by default, nor would I encourage  
> such a config in a production environment, and I wouldn't put it in  
> an admin UI.
That was the point of my admittedly drastic proposal --
to strongly discourage the usage of this sort of thing.

> For what it's worth, as a client author I'd have a somewhat  
> different viewpoint here.  But as a server author,
Keep in mind that "as a server author" you have
to make best efforts to safeguard the needs of
your clients and the users thereof -- if you offer
something they use credulously without realizing
the negative impacts of using it, you could be held
liable for that, at least your users could accuse you
of wanton negligence...
(My personal opinion, you might have a different position).

Kind regards

Ingo Struck
Received on Thursday, 19 October 2006 21:27:53 GMT
