W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2006

Re: security requirements (was: Updating RFC 2617 (HTTP Digest) to use UTF-8)

From: Robert Sayre <sayrer@gmail.com>
Date: Sat, 4 Nov 2006 23:19:52 -0500
Message-ID: <68fba5c50611042019h3588489ao7106128d791edf9@mail.gmail.com>
To: "Paul Leach" <paulle@windows.microsoft.com>
Cc: "Henrik Nordstrom" <hno@squid-cache.org>, "HTTP Working Group" <ietf-http-wg@w3.org>

On 11/4/06, Paul Leach <paulle@windows.microsoft.com> wrote:
> Which is pretty silly given that proprietary Web server applications
> exist only as deployed--there is no separate "implementation".
> [Paul Leach] I don't understand the above sentence.

Increasingly, software is written expressly for one website, not
distributed through traditional commercial software channels such as
CD-ROMs or pre-installed on new computers. This style of deployment
has a lot of advantages, and the implement/configure distinction is
meaningless. There is only one copy.

At any rate, I believe other messages have established that the
meaning of the HTTP version number field is pretty clear. I think the
list should revisit this topic when everyone is prepared to accept the
requirements of RFC 2616 and RFC 2145. Is there something unclear
about "conditional conformance"?


Robert Sayre
Received on Sunday, 5 November 2006 04:20:00 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 1 October 2015 05:36:20 UTC