W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2006

Re: security requirements (was: Updating RFC 2617 (HTTP Digest) to use UTF-8)

From: Robert Sayre <sayrer@gmail.com>
Date: Sat, 4 Nov 2006 16:47:54 -0500
Message-ID: <68fba5c50611041347we823f7eua2214a429b1176d9@mail.gmail.com>
To: "Paul Leach" <paulle@windows.microsoft.com>
Cc: "Henrik Nordstrom" <hno@squid-cache.org>, "HTTP Working Group" <ietf-http-wg@w3.org>

On 11/4/06, Paul Leach <paulle@windows.microsoft.com> wrote:
> It's what those words mean.
>

With no malice, I don't think you have good understanding of how the
IESG interprets "mandatory-to-implement". Let's say Basic becomes
mandatory-to-implement. That means FooCorp could not distribute a
FooCorp-branded client that has no way to be configured for Basic
authentication and claim HTTP conformance.

Which is pretty silly given that proprietary Web server applications
exist only as deployed--there is no separate "implementation".

-- 

Robert Sayre
Received on Saturday, 4 November 2006 21:48:04 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:53 GMT