W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2006

Re: security requirements (was: Updating RFC 2617 (HTTP Digest) to use UTF-8)

From: Robert Sayre <sayrer@gmail.com>
Date: Sat, 4 Nov 2006 15:16:41 -0500
Message-ID: <68fba5c50611041216r19bce1ddlc643440036644eaf@mail.gmail.com>
To: "Henrik Nordstrom" <hno@squid-cache.org>
Cc: "HTTP Working Group" <ietf-http-wg@w3.org>

On 11/4/06, Robert Sayre <sayrer@gmail.com> wrote:
> "An HTTP client MUST NOT send a version for which it is not at least
> conditionally compliant.'
>

Sorry, that's from RFC 2145. The send button was clicked a bit early. :)

In any case, the requirements and semantics of HTTP version numbers
seem clear as a bell to me. I don't see any interpretation that allows
something as radical as the addition of a mandatory security mechanism
without incrementing the version number.

-- 

Robert Sayre
Received on Saturday, 4 November 2006 20:16:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:53 GMT