W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2006

Re: security requirements (was: Updating RFC 2617 (HTTP Digest) to use UTF-8)

From: Robert Sayre <sayrer@gmail.com>
Date: Sat, 4 Nov 2006 23:19:52 -0500
Message-ID: <68fba5c50611042019h3588489ao7106128d791edf9@mail.gmail.com>
To: "Paul Leach" <paulle@windows.microsoft.com>
Cc: "Henrik Nordstrom" <hno@squid-cache.org>, "HTTP Working Group" <ietf-http-wg@w3.org>

On 11/4/06, Paul Leach <paulle@windows.microsoft.com> wrote:
>
> Which is pretty silly given that proprietary Web server applications
> exist only as deployed--there is no separate "implementation".
> [Paul Leach] I don't understand the above sentence.
>

Increasingly, software is written expressly for one website, not
distributed through traditional commercial software channels such as
CD-ROMs or pre-installed on new computers. This style of deployment
has a lot of advantages, and the implement/configure distinction is
meaningless. There is only one copy.

At any rate, I believe other messages have established that the
meaning of the HTTP version number field is pretty clear. I think the
list should revisit this topic when everyone is prepared to accept the
requirements of RFC 2616 and RFC 2145. Is there something unclear
about "conditional conformance"?

-- 

Robert Sayre
Received on Sunday, 5 November 2006 04:20:00 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:53 GMT