Making one or both of the existing auth protocols mandatory-to-implement does not change the protocol at all, so no version number change is necessary. That's because making a protocol feature mandatory-to-implement does NOT make it mandatory to configure. Hence, for example, one could not deduce, from either an HTTP/1.1 or a new HTTP/1.2 sent by a client, that a server can send Basic or Digest challenge and be assured that it will be understood by the client. -----Original Message----- From: ietf-http-wg-request@w3.org [mailto:ietf-http-wg-request@w3.org] On Behalf Of Robert Sayre Sent: Saturday, November 04, 2006 3:17 PM [Paul Leach] snip In any case, the requirements and semantics of HTTP version numbers seem clear as a bell to me. I don't see any interpretation that allows something as radical as the addition of a mandatory security mechanism without incrementing the version number. -- Robert SayreReceived on Saturday, 4 November 2006 21:14:35 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 12 September 2008 03:48:54 GMT