On 11/4/06, Henrik Nordstrom <hno@squid-cache.org> wrote: > lör 2006-11-04 klockan 10:47 -0800 skrev Lisa Dusseault: > > > So I guess a decision that CLIENTS MUST support Basic and Digest in a > > new HTTP RFC, might be signalled by a minor version bump. > > I too don't see thy a version bump would even be remotely needed in this > case. It's already the server who dictates which authentication > protocols is acceptable to the server, An HTTP/1.1 message is not a guarantee that the sender supports any authentication mechanism. Servers receiving a hypothetical HTTP/1.2 message could make that assumption. > HTTP version numbers do have an implicit defined meaning: They have an explicit meaning. See RFC 2145. Additionally, RFC 2616 defines the term "conditional compliance". RFC 2616 section 3 also defines the term "conditional compliance", which is not compatible with the addition of a MUST-level security mechanism. "An HTTP client MUST NOT send a version for which it is not at least conditionally compliant.' -- Robert SayreReceived on Saturday, 4 November 2006 19:59:34 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:53 GMT