Re: security requirements (was: Updating RFC 2617 (HTTP Digest) to use UTF-8)

lör 2006-11-04 klockan 17:27 -0500 skrev Robert Sayre:
> On 11/4/06, Henrik Nordstrom <hno@squid-cache.org> wrote:
> > lör 2006-11-04 klockan 17:07 -0500 skrev Robert Sayre:
> >
> > > A new RFC can make a header mandatory for RFCNNNN compliance, but not
> > > HTTP/1.1 compliance.
> >
> > Exacly what I said.
> 
> OK. Then I submit that such an RFC cannot claim to define HTTP/1.1.

Agreed. It's at most an standards track extension to HTTP/1.1.

Also for the record I am against that implementation of strong
authentication should be mandatory for HTTP protocol compliance.

A requirement of implementation of a well defined strong authentication
scheme IF authentication is implemented is fine however.

Regards
Henrik

Received on Saturday, 4 November 2006 22:43:06 UTC