W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2006

Re: security requirements (was: Updating RFC 2617 (HTTP Digest) to use UTF-8)

From: Robert Sayre <sayrer@gmail.com>
Date: Sun, 5 Nov 2006 16:34:16 -0500
Message-ID: <68fba5c50611051334g783762d1xcb7ce5eed1782144@mail.gmail.com>
To: "Lisa Dusseault" <lisa@osafoundation.org>
Cc: "Henrik Nordstrom" <hno@squid-cache.org>, "HTTP Working Group" <ietf-http-wg@w3.org>

On 11/5/06, Lisa Dusseault <lisa@osafoundation.org> wrote:
>
> On Nov 4, 2006, at 2:42 PM, Henrik Nordstrom wrote:
>
> > lör 2006-11-04 klockan 17:27 -0500 skrev Robert Sayre:
> >> On 11/4/06, Henrik Nordstrom <hno@squid-cache.org> wrote:
> >>> lör 2006-11-04 klockan 17:07 -0500 skrev Robert Sayre:
> >>>
> >>>> A new RFC can make a header mandatory for RFCNNNN compliance,
> >>>> but not
> >>>> HTTP/1.1 compliance.
> >>>
> >>> Exacly what I said.
> >>
> >> OK. Then I submit that such an RFC cannot claim to define HTTP/1.1.
> >
> > Agreed. It's at most an standards track extension to HTTP/1.1.
>
> Slight disagreement here: if RFCNNNN obsoleted RFC2616, without
> bumping the version number, it had better be backwards compatible --
> but it is more than a standards track extension to HTTP/1.1, it
> becomes the new best definition of HTTP/1.1.
>

No. Scroll up. Please reconcile your statements with RFC2616 and
RFC2145. If you want a MUST to mean something, you need to take them
seriously.

thanks,

Robert Sayre
Received on Sunday, 5 November 2006 21:34:29 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:53 GMT