On Nov 4, 2006, at 2:42 PM, Henrik Nordstrom wrote: > lör 2006-11-04 klockan 17:27 -0500 skrev Robert Sayre: >> On 11/4/06, Henrik Nordstrom <hno@squid-cache.org> wrote: >>> lör 2006-11-04 klockan 17:07 -0500 skrev Robert Sayre: >>> >>>> A new RFC can make a header mandatory for RFCNNNN compliance, >>>> but not >>>> HTTP/1.1 compliance. >>> >>> Exacly what I said. >> >> OK. Then I submit that such an RFC cannot claim to define HTTP/1.1. > > Agreed. It's at most an standards track extension to HTTP/1.1. Slight disagreement here: if RFCNNNN obsoleted RFC2616, without bumping the version number, it had better be backwards compatible -- but it is more than a standards track extension to HTTP/1.1, it becomes the new best definition of HTTP/1.1. > > Also for the record I am against that implementation of strong > authentication should be mandatory for HTTP protocol compliance. > > A requirement of implementation of a well defined strong > authentication > scheme IF authentication is implemented is fine however. That's not a bad start. The next thing to think about is to ask in what cases authentication implementation IS required. I certainly agree with those who've said that authentication isn't necessary in some uses of HTTP. LisaReceived on Sunday, 5 November 2006 21:23:39 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 12 September 2008 03:48:54 GMT