W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2006

Re: security requirements (was: Updating RFC 2617 (HTTP Digest) to use UTF-8)

From: William A. Rowe, Jr. <wrowe@rowe-clan.net>
Date: Sun, 05 Nov 2006 00:22:06 -0600
Message-ID: <454D830E.1060700@rowe-clan.net>
To: Paul Leach <paulle@windows.microsoft.com>
CC: Robert Sayre <sayrer@gmail.com>, Henrik Nordstrom <hno@squid-cache.org>, HTTP Working Group <ietf-http-wg@w3.org>

Paul Leach wrote:
> 
> That's because making a protocol feature mandatory-to-implement does NOT
> make it mandatory to configure. Hence, for example, one could not
> deduce, from either an HTTP/1.1 or a new HTTP/1.2 sent by a client, that
> a server can send Basic or Digest challenge and be assured that it will
> be understood by the client.

Not if they implemented an RFC 2616 client.
Received on Sunday, 5 November 2006 06:22:09 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:53 GMT